Lucene search

@huntrdevCVELIST:CVE-2022-3037

HistoryAug 30, 2022 - 8:35 p.m.

CVE-2022-3037 Use After Free in vim/vim

2022-08-3020:35:10

CWE-416

@huntrdev

www.cve.org

github

vim

vulnerability

version 9.0.0322

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

45.7%

JSON

Use After Free in GitHub repository vim/vim prior to 9.0.0322.

CNA Affected

[
  {
    "product": "vim/vim",
    "vendor": "vim",
    "versions": [
      {
        "lessThan": "9.0.0322",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb

huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

45.7%

JSON

Related for CVELIST:CVE-2022-3037