AZL-50138

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50138.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-50138

Upstream

CVE-2024-47814

Published

2024-10-07T22:15:03Z

Modified

2026-04-01T05:17:28.698792Z

Summary

CVE-2024-47814 affecting package vim for versions less than 9.1.0791-1

Details

Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47814

Affected packages

Azure Linux:2 / vim

Package

Name: vim
Purl: pkg:rpm/azure-linux/vim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.0791-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50138.json"