PT-2024-7290 · Vim+6

Gandalf4A · Published 2024-10-07 · Updated 2025-03-30 · CVE-2024-47814

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.0764
Description: The issue is a use-after-free in the Vim text editor's handling of the BufWinLeave autocommand. It occurs when a buffer is closed and the BufWinLeave autocommand is triggered, potentially causing the same buffer to be reopened in a new split window. The impact is considered low, as it requires a specific setup and intentional actions by the user. However, it may lead to a crash. There are no known instances of this issue being exploited in real-world attacks.
Recommendations: For versions prior to 9.1.0764, upgrade to version 9.1.0764 or later to resolve the issue. As a temporary workaround, consider disabling BufWinLeave autocommands until the patched version can be installed. Avoid using the BufWinLeave autocommand in scenarios where it may cause a buffer to be reopened in a new split window.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

AZL-50138
AZL-50176
BDU:2024-08644
CVE-2024-47814
DLA-4097-1
GHSA-RJ48-V4MQ-J4VG
MGASA-2024-0329
OESA-2024-2235
OPENSUSE-SU-2024_4330-1
SUSE-SU-2024:4330-1
SUSE-SU-2024:4409-1
SUSE-SU-2025:20128-1
USN-7131-1

Affected Products

Astra Linux
Debian
Linux Mint
RED OS
SUSE
Ubuntu
Vim