Page 2 of 192 results (0.012 seconds)

CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0

Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. • https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 • CWE-415: Double Free •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. Vim anterior a 9.0.2142 tiene un desbordamiento de búfer en la región stack de la memoria porque did_set_langmap en map.c llama a sprintf para escribir en el búfer de error que se pasa a las funciones de devolución de llamada de opción. • https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UI44Y4LJLG34D4HNB6NTPLUPZREHAEL7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIQLVUSYHDN3644K6EFDI7PRZOTIKXM3 https://security.netapp.com/advisory/ntap-20240223-0008 • CWE-787: Out-of-bounds Write •

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 2

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. • http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/gandalf4a/crash_report/blob/main/vim/vim_huaf https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf860f3c26f57bb https://github.com/vim/vim/pull/13552 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DNMFS3IH74KEMMESOA3EOB6MZ56TWGFF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org&# • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. • http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/messag • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. • http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/messag • CWE-755: Improper Handling of Exceptional Conditions •