vulnerability

Amazon Linux 2023: CVE-2024-47814: Medium priority package update for vim

Try Surface Command
Back to search
Severity
3
CVSS
(AV:L/AC:M/Au:S/C:N/I:P/A:P)
Published
Oct 7, 2024
Added
Feb 17, 2025
Modified
Jul 4, 2025

Description

Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. This issue can potentially cause Vim to crash, leading to a denial of service.

Solutions

amazon-linux-2023-upgrade-vim-commonamazon-linux-2023-upgrade-vim-dataamazon-linux-2023-upgrade-vim-debuginfoamazon-linux-2023-upgrade-vim-debugsourceamazon-linux-2023-upgrade-vim-default-editoramazon-linux-2023-upgrade-vim-enhancedamazon-linux-2023-upgrade-vim-enhanced-debuginfoamazon-linux-2023-upgrade-vim-filesystemamazon-linux-2023-upgrade-vim-minimalamazon-linux-2023-upgrade-vim-minimal-debuginfoamazon-linux-2023-upgrade-xxdamazon-linux-2023-upgrade-xxd-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today