CVE-2024-43790

Name of the Vulnerable Software and Affected Versions Vim versions prior to v9.1.0689

Description The issue is related to a buffer overflow in the Vim text editor. When the search-count message is disabled and right-left mode is enabled, the search pattern is reversed and allocated in a new buffer. If the search pattern contains ASCII NUL characters, the allocated buffer will be smaller than the original, causing an overflow when accessing characters inside the buffer. This can potentially impact the confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to v9.1.0689, update to Vim patch v9.1.0689 or later to resolve the issue. As a temporary workaround, consider disabling the right-left mode (:set norl) when performing searches to minimize the risk of exploitation. Additionally, avoid using search patterns that contain ASCII NUL characters until the issue is resolved.