CVE-2024-47814

CVSS 3.1 Score 3.9 of 10 (low)

Details

Published Oct 7, 2024
CWE ID 416

Summary

CVE-2024-47814 identifies a vulnerability in Vim versions prior to 9.1.0764, which is an open source command line text editor, specifically a use-after-free error that can occur when closing a buffer. This vulnerability is triggered by a specific user-configured BufWinLeave auto command that attempts to reopen the same buffer in a new split window, potentially leading to application crashes. Although the severity of this issue is rated as low due to its specific conditions, it requires user interaction and can be exploited locally. No workarounds are available, and users are strongly advised to upgrade to the patched version 9.1.0764 to mitigate risks associated with this vulnerability. The potential impact includes application instability but does not compromise confidentiality or integrity.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share