CVE-2024-43790: 
Vim vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability (CVE-2024-43790) was discovered in Vim versions greater than 9.1.0425 and less than 9.1.0689. The vulnerability was discovered on August 22, 2024, affecting the text editor's search functionality when specific conditions are met (GitHub Advisory).

The vulnerability occurs when performing a search with the search-count message disabled (:set shm+=S) and right-left mode enabled (:set rl). When the search pattern contains ASCII NUL characters, the buffer allocated for the reversed pattern becomes smaller than the original buffer due to strlen() function only counting until it encounters an ASCII NUL byte. This mismatch in buffer sizes leads to a heap-based buffer overflow when accessing characters inside the msgbuf using the incorrect length indicator (GitHub Advisory). The vulnerability has been assigned a CVSS v3.1 base score of 4.5 (Medium) with the vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L (NVD).

The successful exploitation of this vulnerability could lead to disclosure of sensitive information, modification of data, or Denial of Service (DoS). However, the impact is considered low due to the specific conditions required: search count functionality must be disabled, right-left mode must be enabled (a rarely used feature), and the search pattern must include ASCII NUL bytes (GitHub Advisory, NetApp Advisory).

The vulnerability has been fixed in Vim patch v9.1.0689. Users are advised to upgrade to this version or later to mitigate the issue (GitHub Advisory).

Various vendors have responded to this vulnerability. NetApp has issued an advisory (NTAP-20240920-0005) and is investigating the impact on their products (NetApp Advisory).