CVE-2024-43374

4.5 MEDIUM

📋 TL;DR

CVE-2024-43374 is a use-after-free vulnerability in Vim's argument list handling that can cause the editor to crash. It affects users running Vim versions prior to 9.1.0678 who manually create unusual autocommands or source malicious plugins. The impact is limited to denial of service (crash) rather than remote code execution.

💻 Affected Systems

Products:
  • Vim (Vi IMproved)
Versions: All versions prior to 9.1.0678
Operating Systems: All operating systems running Vim
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when users create specific autocommands that close buffers during buffer creation, either manually or via malicious plugins.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Vim crashes unexpectedly, potentially causing data loss in unsaved buffers.

🟠 Likely Case: Vim crashes when users intentionally create autocommands that close buffers during creation, requiring manual restart.

🟢 If Mitigated: No impact if patched or if users avoid unusual autocommand configurations.

🌐 Internet-Facing: LOW - Vim is typically not an internet-facing service.
🏢 Internal Only: LOW - Requires user interaction with specific autocommand configurations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires the user to create specific autocommand behavior or to source a malicious plugin. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.1.0678

Vendor Advisory: https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw

Restart Required: No

Instructions:

1. Update Vim to version 9.1.0678 or later.
2. For package managers: 'sudo apt update && sudo apt upgrade vim' (Debian/Ubuntu) or 'sudo yum update vim' (RHEL/CentOS).
3. For source builds: download the latest release from vim.org and compile it.

🔧 Temporary Workarounds

Avoid risky autocommands (platform: all): Do not create autocommands that close buffers during buffer creation events.

Disable autocommands temporarily (platform: all): Temporarily disable autocommands when adding files to the argument list.

vim -c 'set eventignore=all' -c 'argadd file.txt'

🧯 If You Can't Patch

  • Avoid sourcing untrusted Vim plugins or configuration files
  • Use alternative editors like Neovim or nano for critical operations

🔍 How to Verify

Check if Vulnerable:

Run 'vim --version' and check if version is below 9.1.0678

Check Version:

vim --version | head -1

Verify Fix Applied:

Run 'vim --version' and confirm version is 9.1.0678 or higher
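The version check above, as an added shell example that is not part of this advisory: it parses a `vim --version` banner (the sample banners below are constructed) and compares the "9.1" version line together with the "Included patches" line against 9.1.0678, because `head -1` alone does not show the patch level.

```shell
#!/bin/sh
# Added example, not part of the advisory: parse a `vim --version` banner and
# decide whether the build includes patch 9.1.0678. The first line only shows
# "9.1"; the patch level lives on the "Included patches:" line, so `head -1`
# alone cannot tell 9.1.0500 from 9.1.0678.
vim_is_patched() {
    banner="$1"
    # major and minor from "VIM - Vi IMproved 9.1 (...)"
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    if [ -z "$ver" ]; then
        echo unknown          # not a Vim banner (e.g. Neovim, or vim missing)
        return 2
    fi
    major=${ver%% *}
    minor=${ver##* }
    # last number of "Included patches: 1-678" (or "1-10, 12"); 0 if absent
    patch=$(printf '%s\n' "$banner" |
        sed -n 's/^Included patches:.*[^0-9]\([0-9][0-9]*\)$/\1/p')
    patch=${patch:-0}
    if [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -gt 1 ]; } ||
       { [ "$major" -eq 9 ] && [ "$minor" -eq 1 ] && [ "$patch" -ge 678 ]; }; then
        echo patched
        return 0
    fi
    echo vulnerable
    return 1
}

# Constructed sample banners, trimmed to the two lines that matter.
SAMPLE_OLD='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jun 10 2024 10:00:00)
Included patches: 1-500'
SAMPLE_NEW='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Aug 20 2024 10:00:00)
Included patches: 1-700'

# Check the locally installed Vim, if there is one.
if command -v vim >/dev/null 2>&1; then
    vim_is_patched "$(vim --version)" || :
fi
```

Distribution packages may backport the fix without raising the patch level, so a "vulnerable" result on a distro-packaged Vim should be confirmed against the distribution's own advisory.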

📡 Detection & Monitoring

Log Indicators:

  • Vim crash logs
  • Core dumps from vim process

SIEM Query:

process_name:vim AND (event_type:crash OR exit_code:139)
