CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2024-45306 — MEDIUM severity vulnerability | Release Alert
CVE-2024-45306
4.5
MEDIUMCVSS v3
Published
September 2, 2024
Affected
4 projects
Assigned by
GitHub
Severity scale
010
Description
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of
a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at
the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.
ChocolateyVim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.
Vim is often called a programmer's editor, and so useful for programming that many consider it an entire IDE. It's not just for programmers, though. Vim is perfect for all kinds of text editing, from composing email to editing configuration files.
## Features
* **Vim**: Vim terminal(CLI) application can be used from Powershell and Command Prompt.
* **GVim**: The GUI version of Vim provides full featured Windows GUI application experience.
* **Terminal Integration**: Batch files are created to provide `vim`, `gvim`, `evim`, `view`, `gview`, `vimdiff`, `gvimdiff` and `vimtutor` command on terminal use.
* **Shell Integration**: Vim is added in `Open with ...` context menu. And by default `Edit with Vim` context menu is created to open files whose extensions are associated with other applications.
## Package parameters
- `/InstallDir` - Override the installation directory. By default, the software is installed in `$ChocolateyToolsLocation`, it's default value is `C:\tools`. You can include spaces. See the example below.
- `/RestartExplorer` - Restart Explorer to unlock `GVimExt.dll` used for `Edit with Vim` context menu feature.
- `/NoDefaultVimrc` - Don't create default `_vimrc` file.
- `/NoContextmenu` - Don't create `Edit with Vim` context menu.
- `/NoDesktopShortcuts` - Don't create shortcuts on the desktop.
Example: `choco install vim --params "'/NoDesktopShortcuts /InstallDir:C:\path\to\your dir'"`
## Notes
- **Antivirus Detections**. Some files in the package are being picked up by VirusTotal as malicious. Please see these [GitHub issues](https://github.com/vim/vim-win32-installer/issues?q=is%3Aissue+is%3Aclosed+virus) for more information.
- This package uses the ZIP build to install to provide installation parameters.
- All compilation of the software is automated and performed on Appveyor. The building status is open.
- This package provides an official build. Similar package `vim-tux` is from a well-known unofficial vim building project. Unlike `vim-tux`, this package can take some installation parameters.
- **If the package is out of date please check [Version History](#versionhistory) for the latest submitted version. If you have a question, please ask it in [Chocolatey Community Package Discussions](https://github.com/chocolatey-community/chocolatey-packages/discussions) or raise an issue on the [Chocolatey Community Packages Repository](https://github.com/chocolatey-community/chocolatey-packages/issues) if you have problems with the package. Disqus comments will generally not be responded to.**