PT-2024-31559 · Vim+5

Suyueguo · Published 2024-09-02 · Updated 2025-02-26 · CVE-2024-45306

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 9.1.0707

Description

Vim is an open source, command line text editor. A change in how the cursor position is calculated, made in patch v9.1.0038, removed a loop that verified that the cursor position always points inside a line. This change made it possible for the cursor position to become invalid and point beyond the end of a line, potentially causing a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. The only observed impact has been a program crash. It is not yet clear what can lead to the cursor pointing to an invalid position.

Recommendations

For versions prior to 9.1.0707, upgrade to the latest release to mitigate potential vulnerabilities. As a temporary workaround, consider disabling any features that may trigger the invalid cursor position until a patch is available.
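One way to check a host against the "prior to 9.1.0707" criterion above is to parse the `vim --version` banner and its "Included patches" ranges. This is an added example, not part of the original advisory or of Vim; the function name `vim_fix_status` and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify `vim --version` output against the 9.1.0707 threshold.
FIX_PATCH=707   # patch number within 9.1, taken from "prior to 9.1.0707"

# Reads `vim --version` text on stdin; prints fixed, affected or unknown.
vim_fix_status() {
    awk -v fix="$FIX_PATCH" '
        BEGIN { fix += 0 }
        /^VIM - Vi IMproved [0-9]+\.[0-9]+/ {
            split($5, v, "[.]")
            major = v[1] + 0; minor = v[2] + 0; seen = 1
        }
        /^Included patches:/ {
            # The list may hold ranges and single patches, e.g. "1-650, 707".
            sub(/^Included patches:[ \t]*/, "")
            n = split($0, parts, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                m = split(parts[i], r, "-")
                lo = r[1] + 0
                hi = (m > 1) ? r[2] + 0 : lo
                if (lo <= fix && fix <= hi) has_fix = 1
            }
        }
        END {
            if (!seen) { print "unknown"; exit }
            if (major > 9 || (major == 9 && minor > 1)) print "fixed"
            else if (major == 9 && minor == 1 && has_fix) print "fixed"
            else print "affected"
        }
    '
}

# Constructed sample banner (not captured from a real host).
sample='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Aug 30 2024 10:00:00)
Included patches: 1-697'
printf '%s\n' "$sample" | vim_fix_status

# Live use on a host with Vim installed: vim --version | vim_fix_status
```

A distribution package may carry the fix as a backport without raising the patch number, so for packaged builds also consult the vendor advisories listed under Related Identifiers.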

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-17009
ALT-PU-2024-17133
ALT-PU-2024-17154
ALT-PU-2024-17456
CVE-2024-45306
GHSA-WXF9-C5GX-QRWR
OPENSUSE-SU-2025_0723-1
ROSA-SA-2025-2590
SUSE-SU-2025:0722-1
SUSE-SU-2025:0723-1
SUSE-SU-2025:0724-1
SUSE-SU-2025:20128-1
SUSE-SU-2025_0722-1
SUSE-SU-2025_0723-1

Affected Products

Alt Linux
Astra Linux
Apple macOS
RED OS
SUSE
Vim