How severe is CVE-2024-43790?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.5 out of 10.

What type of vulnerability is CVE-2024-43790?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2024-43790 - MEDIUM Severity | CVSS 4.5

Vulnerability Description

Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.

Related Vulnerabilities

CVE-2024-43802

MEDIUM

CVSS:4.5(Medium)

Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left ...

CWE-1222024

CVE-2025-47814

MEDIUM

CVSS:4.5(Medium)

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.

CWE-1222025

CVE-2025-47815

MEDIUM

CVSS:4.5(Medium)

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.

CWE-1222025

CVE-2023-32157

MEDIUM

CVSS:4.6(Medium)

Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3...

CWE-1222023

CVE-2024-37601

MEDIUM

CVSS:4.6(Medium)

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, ...

CWE-1222024

CVE-2020-13494

MEDIUM

CVSS:4.3(Medium)

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result...

CWE-1222020