CVE-2022-3705

2022-10-2620:15:10

Debian Security Bug Tracker

security-tracker.debian.org

vulnerability

vim

quickfix.c

use after free

remote attack

upgrade

patch

component

identifier

vdb-212324

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

77.5%

JSON

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.

OSVersionArchitecturePackageVersionFilename
Debian12allvim< 2:9.0.0813-1vim_2:9.0.0813-1_all.deb
Debian11allvim<= 2:8.2.2434-3+deb11u1vim_2:8.2.2434-3+deb11u1_all.deb
Debian999allvim< 2:9.0.0813-1vim_2:9.0.0813-1_all.deb
Debian13allvim< 2:9.0.0813-1vim_2:9.0.0813-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	vim	< 2:9.0.0813-1	vim_2:9.0.0813-1_all.deb
Debian	11	all	vim	<= 2:8.2.2434-3+deb11u1	vim_2:8.2.2434-3+deb11u1_all.deb
Debian	999	all	vim	< 2:9.0.0813-1	vim_2:9.0.0813-1_all.deb
Debian	13	all	vim	< 2:9.0.0813-1	vim_2:9.0.0813-1_all.deb