发布时间: 2024年10月12日
修改时间: 2024年10月12日
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Local | Local |
| CVSS评分 | 4.7 | 3.9 |
| Attack Complexity | High | Low |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | None | Low |
| User Interaction | None | Required |
| Availability | High | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-4093 | vim security update | 2025年2月8日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | vim | Fixed |
| KY3.5.2 | vim | Fixed |
| KY3.5.3 | vim | Fixed |
| V6 | vim | Fixed |
