CVE-2024-43790

{"id": "CVE-2024-43790", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.0}]}, "published": "2024-08-22T22:15:05.317", "references": [{"url": "https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc", "source": "security-advisories@github.com"}, {"url": "https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm", "source": "security-advisories@github.com"}, {"url": "https://security.netapp.com/advisory/ntap-20240920-0005/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689."}, {"lang": "es", "value": "Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. Cuando se realiza una b\u00fasqueda y se deshabilita la visualizaci\u00f3n del mensaje de recuento de b\u00fasqueda (:set shm+=S), el patr\u00f3n de b\u00fasqueda se muestra en la parte inferior de la pantalla en un b\u00fafer (msgbuf). Cuando el modo derecha-izquierda (:set rl) est\u00e1 habilitado, el patr\u00f3n de b\u00fasqueda se invierte. Esto sucede asignando un nuevo b\u00fafer. Si el patr\u00f3n de b\u00fasqueda contiene algunos caracteres ASCII NUL, el b\u00fafer asignado ser\u00e1 m\u00e1s peque\u00f1o que el b\u00fafer asignado original (porque para asignar el b\u00fafer invertido, se llama a la funci\u00f3n strlen(), que solo cuenta hasta que detecta un byte ASCII NUL) y por lo tanto el indicador de longitud original es incorrecto. Esto provoca un desbordamiento al acceder a caracteres dentro del msgbuf por la longitud anterior (ahora incorrecta) del msgbuf. El problema se solucion\u00f3 a partir del parche Vim v9.1.0689."}], "lastModified": "2024-11-21T09:35:52.580", "sourceIdentifier": "security-advisories@github.com"}