Vim < 9.1.0697 Heap Buffer Overflow

medium Nessus Plugin ID 206346

Synopsis

A text editor installed on the remote Windows host is affected by a heap buffer overflow vulnerability.

Description

The version of Vim installed on the remote Windows host is prior to 9.1.0697. It is, therefore, affected by a heap buffer overflow vulnerability. When flushing the typeahead buffer, Vim advances the current position in the buffer without checking whether enough space is left to hold the next characters. This can leave the tb_off position within the typebuf variable pointing outside the valid buffer size, which can later lead to a heap buffer overflow in, for example, ins_typebuf(). The fix checks, when flushing the typeahead buffer, whether enough space is left before advancing the off position and, if not, falls back to flushing the current typebuf contents. It is not yet clear exactly what leads to this situation. It appears to happen when error messages occur (which cause Vim to flush the typeahead buffer) in combination with several long mappings, so that the off position eventually moves outside the valid buffer size. Impact is low since the condition is not easily reproducible and requires several active mappings plus an error condition, but when it does occur it crashes Vim.
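The following is an added example, not Vim's own code and not from the advisory: a simplified C model of the typeahead buffer that shows the unchecked advance of tb_off beside the checked form described above. The field names follow Vim's typebuf_T (tb_buf, tb_buflen, tb_off, tb_len, tb_maplen), but the buffer size, the reserved head room and the mapping text are constructed, and because the page says the real triggering sequence is unclear, the scenario reaches the buffer boundary directly with a single mapping that fills the buffer rather than reproducing the mapping-plus-error sequence.

```c
/* Added example: a simplified model of Vim's typeahead buffer flush.
 * This is not Vim's getchar.c; only the field names follow typebuf_T.
 * BUFLEN, HEADROOM and the mapping text below are constructed. */
#include <stdio.h>
#include <string.h>

#define BUFLEN   16   /* assumed buffer size, small so the edge is easy to reach */
#define HEADROOM  4   /* assumed reserved space in front, stands in for MAXMAPLEN */

typedef struct {
    char tb_buf[BUFLEN];
    int  tb_buflen;   /* allocated size of tb_buf */
    int  tb_off;      /* index of the first pending character */
    int  tb_len;      /* number of pending characters */
    int  tb_maplen;   /* leading pending characters that came from a mapping */
} typebuf_T;

void typebuf_init(typebuf_T *tb)
{
    memset(tb, 0, sizeof *tb);
    tb->tb_buflen = BUFLEN;
    tb->tb_off = HEADROOM;
}

/* Append the expansion of a mapping behind the pending characters.
 * Returns 0 without writing if it does not fit. */
int typebuf_add_mapping(typebuf_T *tb, const char *s)
{
    int n = (int)strlen(s);
    if (tb->tb_off < 0 || tb->tb_off + tb->tb_len + n > tb->tb_buflen)
        return 0;
    memcpy(tb->tb_buf + tb->tb_off + tb->tb_len, s, (size_t)n);
    tb->tb_len += n;
    tb->tb_maplen += n;
    return 1;
}

/* Flush the mapped characters at the head of the buffer, as happens after an
 * error message. checked == 0 models the behaviour before 9.1.0697: tb_off is
 * advanced without looking at tb_buflen. checked == 1 models the fix described
 * on this page: when the advance would leave no room, drop the whole buffer. */
void typebuf_flush_mapped(typebuf_T *tb, int checked)
{
    if (checked && tb->tb_off + tb->tb_maplen >= tb->tb_buflen) {
        tb->tb_off = HEADROOM;
        tb->tb_len = 0;
    } else {
        tb->tb_off += tb->tb_maplen;
        tb->tb_len -= tb->tb_maplen;
    }
    tb->tb_maplen = 0;
}

/* 1 if tb_off is a valid index into tb_buf, 0 if it points outside. */
int typebuf_off_valid(const typebuf_T *tb)
{
    return tb->tb_off >= 0 && tb->tb_off < tb->tb_buflen;
}

/* 1 if writing n bytes at the current head would land outside tb_buf. */
int typebuf_write_overflows(const typebuf_T *tb, int n)
{
    return tb->tb_off < 0 || tb->tb_off + tb->tb_len + n > tb->tb_buflen;
}

/* Constructed scenario: one mapping whose expansion fills the buffer exactly
 * (4 + 12 == 16), followed by an error that flushes it. Returns tb_off after
 * the flush: 16 (one past the end) unchecked, 4 (reset) checked. */
int scenario_off_after_flush(int checked)
{
    typebuf_T tb;
    typebuf_init(&tb);
    typebuf_add_mapping(&tb, "abcdefghijkl");
    typebuf_flush_mapped(&tb, checked);
    return tb.tb_off;
}

/* Same scenario; 1 if a later one-byte insert at the head would overflow. */
int scenario_next_write_overflows(int checked)
{
    typebuf_T tb;
    typebuf_init(&tb);
    typebuf_add_mapping(&tb, "abcdefghijkl");
    typebuf_flush_mapped(&tb, checked);
    return typebuf_write_overflows(&tb, 1);
}

int main(void)
{
    for (int checked = 0; checked < 2; checked++)
        printf("%s flush: tb_off=%d, next write overflows=%d\n",
               checked ? "checked" : "unchecked",
               scenario_off_after_flush(checked),
               scenario_next_write_overflows(checked));
    return 0;
}
```

The unchecked flush leaves tb_off equal to tb_buflen, which is exactly the state the advisory describes: no byte has been written out of bounds yet, but any later code that trusts tb_off as a write position will write past the allocation. The checked flush discards the pending input instead, which loses at most some typeahead rather than corrupting the heap.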

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Vim version 9.1.0697 or later.

See Also

https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh

Plugin Details

Severity: Medium

ID: 206346

File Name: vim_9_1_0697.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 8/30/2024

Updated: 9/6/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 3.7

Temporal Score: 2.7

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2024-43802

CVSS v3

Risk Factor: Medium

Base Score: 4.5

Temporal Score: 3.9

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:vim:vim

Required KB Items: SMB/Registry/Enumerated, installed_sw/Vim

Exploit Ease: No known exploits are available

Patch Publication Date: 8/25/2024

Vulnerability Publication Date: 8/22/2024

Reference Information

CVE: CVE-2024-43802

IAVA: 2024-A-0526-S