CVE-2022-3705
vim autocmd quickfix.c qf_update_buffer use after free
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
Se ha encontrado una vulnerabilidad en vim y ha sido clasificada como problemática. El problema afecta a la función qf_update_buffer del archivo quickfix.c del componente autocmd Handler. La manipulación conlleva a un uso de memoria previamente liberada. El ataque puede ser lanzado remotamente. La actualización a versión 9.0.0805 puede abordar este problema. El nombre del parche es d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. Es recomendado actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-212324
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-26 CVE Reserved
- 2022-10-26 CVE Published
- 2024-06-16 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-416: Use After Free
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2023/Jan/19 | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20221223-0004 | Third Party Advisory |
|
| https://support.apple.com/kb/HT213605 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | < 9.0.0805 Search vendor "Vim" for product "Vim" and version " < 9.0.0805" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||