CVE-2022-3705

MEDIUM

Vim < 9.0.0805 - Use After Free

Title source: rule
STIX 2.1

Description

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.

References (10)

Core 10
Core References
Permissions Required, Third Party Advisory
https://vuldb.com/?id.212324
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2023/Jan/19
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-16

Scores

CVSS v3 5.0
EPSS 0.0045
EPSS Percentile 63.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-119 CWE-416
Status published
Products (5)
debian/debian_linux 10.0
fedoraproject/fedora 35
fedoraproject/fedora 36
netapp/active_iq_unified_manager
vim/vim < 9.0.0805
Published Oct 26, 2022
Tracked Since Feb 18, 2026