Use After Free (CVE-2024-47814)
CVE编号
CVE-2024-47814利用情况
暂无补丁情况
N/A披露时间
2024-10-07漏洞描述
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
---|---|
https://access.redhat.com/security/cve/CVE-2024-47814 | |
https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 | |
https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg |
- 攻击路径 本地
- 攻击复杂度 低
- 权限要求 低
- 影响范围 未更改
- 用户交互 需要
- 可用性 低
- 保密性 无
- 完整性 低
CWE-ID | 漏洞类型 |
CWE-416 | 释放后使用 |
Exp相关链接

版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论