Description
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability can crash the software, bypass protection mechanisms, modify memory, and possibly lead to remote execution.
References (13)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202208-32
Mailing List, Release Notes, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/41
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/28
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-16
Patch, Third Party Advisory
https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c
Exploit, Patch, Third Party Advisory
https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2
Release Notes, Third Party Advisory
https://support.apple.com/kb/HT213488
Scores
CVSS v3
7.8
EPSS
0.0015
EPSS Percentile
35.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (7)
apple/macos
< 13.0
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
34
fedoraproject/fedora
35
fedoraproject/fedora
36
vim/vim
< 8.2.4895
Published
May 07, 2022
Tracked Since
Feb 18, 2026