CVE-2022-3705Improper Restriction of Operations within the Bounds of a Memory Buffer in Cbl2 VIM 9.0.0805-1 ON CBL Mariner 2.0

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-416Use After Free9 documents8 sources
Severity
7.5HIGHNVD
OSV7.8
EPSS
0.4%
top 37.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
VIMDebian VIMApple Macos Ventura+4 more
Timeline
PublishedOct 26
Latest updateOct 9

Description

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages7 packages

NVDvim/vim< 9.0.0805
debiandebian/vim< vim 2:9.0.0813-1 (bookworm)
Debianvim/vim< 2:9.0.0813-1+2

Also affects: Debian Linux 10.0, Fedora 35, 36

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
vim vulnerabilities2023-10-09
GHSA
GHSA-vwcr-hcq5-36jr: A vulnerability was found in vim and classified as problematic2022-10-27
OSV
CVE-2022-3705: A vulnerability was found in vim and classified as problematic2022-10-26

📋Vendor Advisories

5
Ubuntu
Vim vulnerabilities2023-10-09
Apple
CVE-2022-3705: macOS Ventura 13.22023-01-23
Red Hat
vim: a use after free in the function qf_update_buffer2022-10-26
Microsoft
vim autocmd quickfix.c qf_update_buffer use after free2022-10-11
Debian
CVE-2022-3705: vim - A vulnerability was found in vim and classified as problematic. Affected by this...2022
CVE-2022-3705 — HIGH severity | cvebase