{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-47814", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-10-03T14:06:12.637Z", "datePublished": "2024-10-07T21:16:01.796Z", "dateUpdated": "2025-11-03T20:40:54.041Z"}, "containers": {"cna": {"title": "use-after-free when closing buffers in Vim", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg"}, {"name": "https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3", "tags": ["x_refsource_MISC"], "url": "https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3"}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"version": "< v9.1.0764", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-07T21:16:01.796Z"}, "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-rj48-v4mq-j4vg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T14:12:43.174675Z", "id": "CVE-2024-47814", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:12:51.349Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250411-0009/"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:40:54.041Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250411-0009/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-04-11T22:03:20.262Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47814", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-08T14:12:43.174675Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:12:47.208Z"}}], "cna": {"title": "use-after-free when closing buffers in Vim", "source": {"advisory": "GHSA-rj48-v4mq-j4vg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"status": "affected", "version": "< v9.1.0764"}]}], "references": [{"url": "https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg", "name": "https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3", "name": "https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-10-07T21:16:01.796Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47814", "state": "PUBLISHED", "dateUpdated": "2025-04-11T22:03:20.262Z", "dateReserved": "2024-10-03T14:06:12.637Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-10-07T21:16:01.796Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA95E64D-199E-4374-9712-924E31696034", "versionEndExcluding": "9.1.0764", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. Se encontr\u00f3 un Use After Free en Vim anterior a la versi\u00f3n 9.1.0764. Al cerrar un b\u00fafer (visible en una ventana), un comando autom\u00e1tico BufWinLeave puede provocar un Use After Free si este comando autom\u00e1tico vuelve a abrir el mismo b\u00fafer en una nueva ventana dividida. El impacto es bajo, ya que el usuario debe haber configurado intencionalmente un comando autom\u00e1tico tan extra\u00f1o y haber ejecutado algunos comandos de descarga de b\u00fafer. Sin embargo, esto puede provocar un bloqueo. Este problema se ha solucionado en la versi\u00f3n 9.1.0764 y se recomienda a todos los usuarios que actualicen. No existen workarounds conocidas para esta vulnerabilidad."}], "id": "CVE-2024-47814", "lastModified": "2025-11-03T21:16:30.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-07T22:15:03.657", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20250411-0009/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "vim: use-after-free when closing buffers in Vim", "id": "2317096", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317096"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-416", "details": ["Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. This issue can potentially cause Vim to crash, leading to a denial of service."], "name": "CVE-2024-47814", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-10-07T21:16:01Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47814\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47814\nhttps://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3\nhttps://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg"], "statement": "The impact is Low since the user must intentionally configure an uncommon auto command and run some buffer unload commands in order to trigger the issue.", "threat_severity": "Low"}

{"created": "2025-07-12T15:42:36.797972+00:00", "updated": "2025-07-12T15:42:36.798021+00:00", "vendors": ["vim", "vim$PRODUCT$vim"]}