Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-24014

Опубликовано: 20 янв. 2025
Источник: nvd
CVSS3: 4.2
CVSS3: 5.5
EPSS Низкий

Описание

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Версия до 9.1.1043 (исключая)
Конфигурация 2

Одновременно

cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

EPSS

Процентиль: 12%
0.00041
Низкий

4.2 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2025-24014

CVSS3: 4.2
ubuntu
7 месяцев назад

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

redhat логотип

CVE-2025-24014

CVSS3: 4.2
redhat
7 месяцев назад

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

msrc логотип

CVE-2025-24014

CVSS3: 4.2
msrc
7 месяцев назад

Описание отсутствует

debian логотип

CVE-2025-24014

CVSS3: 4.2
debian
7 месяцев назад

Vim is an open source, command line text editor. A segmentation fault ...

fstec логотип

BDU:2025-01409

CVSS3: 4.2
fstec
7 месяцев назад

Уязвимость текстового редактора vim, связанная с чтением за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 12%
0.00041
Низкий

4.2 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-787