{"id":"CVE-2024-45306","summary":"heap-buffer-overflow in Vim","details":"Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of\na line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at\nthe specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.","aliases":["GHSA-wxf9-c5gx-qrwr"],"modified":"2026-05-20T04:02:03.153709140Z","published":"2024-09-02T16:35:17.444Z","related":["CGA-rw33-j6gr-q2cj","SUSE-SU-2025:0722-1","SUSE-SU-2025:0723-1","SUSE-SU-2025:0724-1","SUSE-SU-2025:20128-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45306.json","cwe_ids":["CWE-122"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/vim/vim/releases/tag/v9.1.0038"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45306.json"},{"type":"ADVISORY","url":"https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45306"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241004-0007/"},{"type":"FIX","url":"https://github.com/vim/vim/commit/396fd1ec2956307755392a1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vim/vim","events":[{"introduced":"4ea37f88e8345ca830271636a2e197a1a46114d2"},{"fixed":"396fd1ec2956307755392a1c61f55d5c1847f308"}]}],"versions":["v9.1.0706","v9.1.0705","v9.1.0704","v9.1.0703","v9.1.0702","v9.1.0701","v9.1.0700","v9.1.0699","v9.1.0698","v9.1.0697","v9.1.0696","v9.1.0695","v9.1.0694","v9.1.0693","v9.1.0692","v9.1.0691","v9.1.0690","v9.1.0689","v9.1.0688","v9.1.0687","v9.1.0686","v9.1.0685","v9.1.0684","v9.1.0683","v9.1.0682","v9.1.0681","v9.1.0680","v9.1.0679","v9.1.0678","v9.1.0677","v9.1.0676","v9.1.0675","v9.1.0674","v9.1.0673","v9.1.0672","v9.1.0671","v9.1.0670","v9.1.0669","v9.1.0668","v9.1.0667","v9.1.0666","v9.1.0665","v9.1.0664","v9.1.0663","v9.1.0662","v9.1.0661","v9.1.0660","v9.1.0659","v9.1.0658","v9.1.0657","v9.1.0656","v9.1.0655","v9.1.0654","v9.1.0653","v9.1.0652","v9.1.0651","v9.1.0650","v9.1.0649","v9.1.0648","v9.1.0647","v9.1.0646","v9.1.0645","v9.1.0644","v9.1.0643","v9.1.0642","v9.1.0641","v9.1.0640","v9.1.0639","v9.1.0638","v9.1.0637","v9.1.0636","v9.1.0635","v9.1.0634","v9.1.0633","v9.1.0632","v9.1.0631","v9.1.0630","v9.1.0629","v9.1.0628","v9.1.0627","v9.1.0626","v9.1.0625","v9.1.0624","v9.1.0623","v9.1.0622","v9.1.0621","v9.1.0620","v9.1.0619","v9.1.0618","v9.1.0617","v9.1.0616","v9.1.0615","v9.1.0614","v9.1.0613","v9.1.0612","v9.1.0611","v9.1.0610","v9.1.0609","v9.1.0608","v9.1.0607","v9.1.0606","v9.1.0605","v9.1.0604","v9.1.0603","v9.1.0602","v9.1.0601","v9.1.0600","v9.1.0599","v9.1.0598","v9.1.0597","v9.1.0596","v9.1.0595","v9.1.0594","v9.1.0593","v9.1.0592","v9.1.0591","v9.1.0590","v9.1.0589","v9.1.0588","v9.1.0587","v9.1.0586","v9.1.0585","v9.1.0584","v9.1.0583","v9.1.0582","v9.1.0581","v9.1.0580","v9.1.0579","v9.1.0578","v9.1.0577","v9.1.0576","v9.1.0575","v9.1.0574","v9.1.0573","v9.1.0572","v9.1.0571","v9.1.0570","v9.1.0569","v9.1.0568","v9.1.0567","v9.1.0566","v9.1.0565","v9.1.0564","v9.1.0563","v9.1.0562","v9.1.0561","v9.1.0560","v9.1.0559","v9.1.0558","v9.1.0557","v9.1.0556","v9.1.0555","v9.1.0554","v9.1.0553","v9.1.0552","v9.1.0551","v9.1.0550","v9.1.0549","v9.1.0548","v9.1.0547","v9.1.0546","v9.1.0545","v9.1.0544","v9.1.0543","v9.1.0542","v9.1.0541","v9.1.0540","v9.1.0539","v9.1.0538","v9.1.0537","v9.1.0536","v9.1.0535","v9.1.0534","v9.1.0533","v9.1.0532","v9.1.0531","v9.1.0530","v9.1.0529","v9.1.0528","v9.1.0527","v9.1.0526","v9.1.0525","v9.1.0524","v9.1.0523","v9.1.0522","v9.1.0521","v9.1.0520","v9.1.0519","v9.1.0518","v9.1.0517","v9.1.0516","v9.1.0515","v9.1.0514","v9.1.0513","v9.1.0512","v9.1.0511","v9.1.0510","v9.1.0509","v9.1.0508","v9.1.0507","v9.1.0506","v9.1.0505","v9.1.0504","v9.1.0503","v9.1.0502","v9.1.0501","v9.1.0500","v9.1.0499","v9.1.0498","v9.1.0497","v9.1.0496","v9.1.0495","v9.1.0494","v9.1.0493","v9.1.0492","v9.1.0491","v9.1.0490","v9.1.0489","v9.1.0488","v9.1.0487","v9.1.0486","v9.1.0485","v9.1.0484","v9.1.0483","v9.1.0482","v9.1.0481","v9.1.0480","v9.1.0479","v9.1.0478","v9.1.0477","v9.1.0476","v9.1.0475","v9.1.0474","v9.1.0473","v9.1.0472","v9.1.0471","v9.1.0470","v9.1.0469","v9.1.0468","v9.1.0467","v9.1.0466","v9.1.0465","v9.1.0464","v9.1.0463","v9.1.0462","v9.1.0461","v9.1.0460","v9.1.0459","v9.1.0458","v9.1.0457","v9.1.0456","v9.1.0455","v9.1.0454","v9.1.0453","v9.1.0452","v9.1.0451","v9.1.0450","v9.1.0449","v9.1.0448","v9.1.0447","v9.1.0446","v9.1.0445","v9.1.0444","v9.1.0443","v9.1.0442","v9.1.0441","v9.1.0440","v9.1.0439","v9.1.0438","v9.1.0437","v9.1.0436","v9.1.0435","v9.1.0434","v9.1.0433","v9.1.0432","v9.1.0431","v9.1.0430","v9.1.0429","v9.1.0428","v9.1.0427","v9.1.0426","v9.1.0425","v9.1.0424","v9.1.0423","v9.1.0422","v9.1.0421","v9.1.0420","v9.1.0419","v9.1.0418","v9.1.0417","v9.1.0416","v9.1.0415","v9.1.0414","v9.1.0413","v9.1.0412","v9.1.0411","v9.1.0410","v9.1.0409","v9.1.0408","v9.1.0407","v9.1.0406","v9.1.0405","v9.1.0404","v9.1.0403","v9.1.0402","v9.1.0401","v9.1.0400","v9.1.0399","v9.1.0398","v9.1.0397","v9.1.0396","v9.1.0395","v9.1.0394","v9.1.0393","v9.1.0392","v9.1.0391","v9.1.0390","v9.1.0389","v9.1.0388","v9.1.0387","v9.1.0386","v9.1.0385","v9.1.0384","v9.1.0383","v9.1.0382","v9.1.0381","v9.1.0380","v9.1.0379","v9.1.0378","v9.1.0377","v9.1.0376","v9.1.0375","v9.1.0374","v9.1.0373","v9.1.0372","v9.1.0371","v9.1.0370","v9.1.0369","v9.1.0368","v9.1.0367","v9.1.0366","v9.1.0365","v9.1.0364","v9.1.0363","v9.1.0362","v9.1.0361","v9.1.0360","v9.1.0359","v9.1.0358","v9.1.0357","v9.1.0356","v9.1.0355","v9.1.0354","v9.1.0353","v9.1.0352","v9.1.0351","v9.1.0350","v9.1.0349","v9.1.0348","v9.1.0347","v9.1.0346","v9.1.0345","v9.1.0344","v9.1.0343","v9.1.0342","v9.1.0341","v9.1.0340","v9.1.0339","v9.1.0338","v9.1.0337","v9.1.0336","v9.1.0335","v9.1.0334","v9.1.0333","v9.1.0332","v9.1.0331","v9.1.0330","v9.1.0329","v9.1.0328","v9.1.0327","v9.1.0326","v9.1.0325","v9.1.0324","v9.1.0323","v9.1.0322","v9.1.0321","v9.1.0320","v9.1.0319","v9.1.0318","v9.1.0317","v9.1.0316","v9.1.0315","v9.1.0314","v9.1.0313","v9.1.0312","v9.1.0311","v9.1.0310","v9.1.0309","v9.1.0308","v9.1.0307","v9.1.0306","v9.1.0305","v9.1.0304","v9.1.0303","v9.1.0302","v9.1.0301","v9.1.0300","v9.1.0299","v9.1.0298","v9.1.0297","v9.1.0296","v9.1.0295","v9.1.0294","v9.1.0293","v9.1.0292","v9.1.0291","v9.1.0290","v9.1.0289","v9.1.0288","v9.1.0287","v9.1.0286","v9.1.0285","v9.1.0284","v9.1.0283","v9.1.0282","v9.1.0281","v9.1.0280","v9.1.0279","v9.1.0278","v9.1.0277","v9.1.0276","v9.1.0275","v9.1.0274","v9.1.0273","v9.1.0272","v9.1.0271","v9.1.0270","v9.1.0269","v9.1.0268","v9.1.0267","v9.1.0266","v9.1.0265","v9.1.0264","v9.1.0263","v9.1.0262","v9.1.0261","v9.1.0260","v9.1.0259","v9.1.0258","v9.1.0257","v9.1.0256","v9.1.0255","v9.1.0254","v9.1.0253","v9.1.0252","v9.1.0251","v9.1.0250","v9.1.0249","v9.1.0248","v9.1.0247","v9.1.0246","v9.1.0245","v9.1.0244","v9.1.0243","v9.1.0242","v9.1.0241","v9.1.0240","v9.1.0239","v9.1.0238","v9.1.0237","v9.1.0236","v9.1.0235","v9.1.0234","v9.1.0233","v9.1.0232","v9.1.0231","v9.1.0230","v9.1.0229","v9.1.0228","v9.1.0227","v9.1.0226","v9.1.0225","v9.1.0224","v9.1.0223","v9.1.0222","v9.1.0221","v9.1.0220","v9.1.0219","v9.1.0218","v9.1.0217","v9.1.0216","v9.1.0215","v9.1.0214","v9.1.0213","v9.1.0212","v9.1.0211","v9.1.0210","v9.1.0209","v9.1.0208","v9.1.0207","v9.1.0206","v9.1.0205","v9.1.0204","v9.1.0203","v9.1.0202","v9.1.0201","v9.1.0200","v9.1.0199","v9.1.0198","v9.1.0197","v9.1.0196","v9.1.0195","v9.1.0194","v9.1.0193","v9.1.0192","v9.1.0191","v9.1.0190","v9.1.0189","v9.1.0188","v9.1.0187","v9.1.0186","v9.1.0185","v9.1.0184","v9.1.0183","v9.1.0182","v9.1.0181","v9.1.0180","v9.1.0179","v9.1.0178","v9.1.0177","v9.1.0176","v9.1.0175","v9.1.0174","v9.1.0173","v9.1.0172","v9.1.0171","v9.1.0170","v9.1.0169","v9.1.0168","v9.1.0167","v9.1.0166","v9.1.0165","v9.1.0164","v9.1.0163","v9.1.0162","v9.1.0161","v9.1.0160","v9.1.0159","v9.1.0158","v9.1.0157","v9.1.0156","v9.1.0155","v9.1.0154","v9.1.0153","v9.1.0152","v9.1.0151","v9.1.0150","v9.1.0149","v9.1.0148","v9.1.0147","v9.1.0146","v9.1.0145","v9.1.0144","v9.1.0143","v9.1.0142","v9.1.0141","v9.1.0140","v9.1.0139","v9.1.0138","v9.1.0137","v9.1.0136","v9.1.0135","v9.1.0134","v9.1.0133","v9.1.0132","v9.1.0131","v9.1.0130","v9.1.0129","v9.1.0128","v9.1.0127","v9.1.0126","v9.1.0125","v9.1.0124","v9.1.0123","v9.1.0122","v9.1.0121","v9.1.0120","v9.1.0119","v9.1.0118","v9.1.0117","v9.1.0116","v9.1.0115","v9.1.0114","v9.1.0113","v9.1.0112","v9.1.0111","v9.1.0110","v9.1.0109","v9.1.0108","v9.1.0107","v9.1.0106","v9.1.0105","v9.1.0104","v9.1.0103","v9.1.0102","v9.1.0101","v9.1.0100","v9.1.0099","v9.1.0098","v9.1.0097","v9.1.0096","v9.1.0095","v9.1.0094","v9.1.0093","v9.1.0092","v9.1.0091","v9.1.0090","v9.1.0089","v9.1.0088","v9.1.0087","v9.1.0086","v9.1.0085","v9.1.0084","v9.1.0083","v9.1.0082","v9.1.0081","v9.1.0080","v9.1.0079","v9.1.0078","v9.1.0077","v9.1.0076","v9.1.0075","v9.1.0074","v9.1.0073","v9.1.0072","v9.1.0071","v9.1.0070","v9.1.0069","v9.1.0068","v9.1.0067","v9.1.0066","v9.1.0065","v9.1.0064","v9.1.0063","v9.1.0062","v9.1.0061","v9.1.0060","v9.1.0059","v9.1.0058","v9.1.0057","v9.1.0056","v9.1.0055","v9.1.0054","v9.1.0053","v9.1.0052","v9.1.0051","v9.1.0050","v9.1.0049","v9.1.0048","v9.1.0047","v9.1.0046","v9.1.0045","v9.1.0044","v9.1.0043","v9.1.0042","v9.1.0041","v9.1.0040","v9.1.0039","v9.1.0038"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45306.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}]}