Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-3705
HistoryOct 26, 2022 - 8:15 p.m.

CVE-2022-3705

2022-10-2620:15:10
CWE-416
CWE-119
[email protected]
web.nvd.nist.gov
8
vulnerability
vim
autocmd handler
qf_update_buffer
use after free
remote attack
version 9.0.0805
patch d0fab10ed2a86698937e3c3fed2f10bd9bb5e731
upgrade
vdb-212324

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

77.5%

JSON

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.

Affected configurations

Nvd
Node
vimvimRange<9.0.0805
Node
fedoraprojectfedoraMatch35
OR
fedoraprojectfedoraMatch36
Node
debiandebian_linuxMatch10.0
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
VendorProductVersionCPE
vimvim*cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Related

nessus 37
osv 3
openvas 30
cvelist 1
amazon 3
slackware 1
ubuntucve 1
redhatcve 1
alpinelinux 1
fedora 3
cbl_mariner 2
prion 1
debiancve 1
cve 1
redos 1
veracode 1
cloudfoundry 1
ubuntu 1
ibm 1
apple 1
debian 1
photon 2
mageia 1
gentoo 1
nessus
nessus
Fedora 36 : 2:vim (2022-06e4f1dd58)
2022-12-21 00:00:00
Amazon Linux 2022 : vim (ALAS2022-2022-251)
2022-12-09 00:00:00
Slackware Linux 15.0 / current vim Vulnerability (SSA:2022-304-01)
2022-11-18 00:00:00
osv
osv
CVE-2022-3705
2022-10-26 20:15:00
vim vulnerabilities
2023-10-09 04:10:20
vim - security update
2022-11-08 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2022-304-01)
2022-11-01 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-06e4f1dd58)
2022-11-06 00:00:00
Fedora: Security Advisory for vim (FEDORA-2022-3d354ef0fb)
2022-11-10 00:00:00
cvelist
cvelist
CVE-2022-3705 vim autocmd quickfix.c qf_update_buffer use after free
2022-10-26 00:00:00
amazon
amazon
Important: vim
2022-12-01 20:32:00
Important: vim
2022-12-01 20:32:00
Important: vim
2023-01-18 20:56:00
slackware
slackware
[slackware-security] vim
2022-10-31 23:46:43
ubuntucve
ubuntucve
CVE-2022-3705
2022-10-26 00:00:00
redhatcve
redhatcve
CVE-2022-3705
2022-11-01 12:26:15
alpinelinux
alpinelinux
CVE-2022-3705
2022-10-26 20:15:10
fedora
fedora
[SECURITY] Fedora 36 Update: vim-9.0.828-1.fc36
2022-11-05 17:00:42
[SECURITY] Fedora 35 Update: vim-9.0.828-1.fc35
2022-11-09 11:27:25
[SECURITY] Fedora 37 Update: vim-9.0.828-1.fc37
2022-11-10 22:58:15
cbl_mariner
cbl_mariner
CVE-2022-3705 affecting package vim 9.0.0614-1
2022-11-24 00:45:40
CVE-2022-3705 affecting package vim for versions less than 9.0.0805-1
2022-11-16 02:26:20
prion
prion
Design/Logic Flaw
2022-10-26 20:15:00
debiancve
debiancve
CVE-2022-3705
2022-10-26 20:15:10
cve
cve
CVE-2022-3705
2022-10-26 20:15:10
redos
redos
ROS-20221103-01
2022-11-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-10-29 07:48:01
cloudfoundry
cloudfoundry
USN-6420-1: Vim vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
ubuntu
ubuntu
Vim vulnerabilities
2023-10-09 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues (2)
2024-08-01 17:22:29
apple
apple
About the security content of macOS Ventura 13.2
2023-01-23 00:00:00
debian
debian
[SECURITY] [DLA 3182-1] vim security update
2022-11-08 14:54:53
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0380
2023-04-25 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0568
2023-04-19 00:00:00
mageia
mageia
Updated vim packages fix security vulnerability
2022-11-19 01:50:51
gentoo
gentoo
Vim, gVim: Multiple Vulnerabilities
2023-05-03 00:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

77.5%

JSON
Related for NVD:CVE-2022-3705
nessus37osv3openvas30cvelist1amazon3slackware1ubuntucve1redhatcve1alpinelinux1fedora3cbl_mariner2prion1debiancve1cve1redos1veracode1cloudfoundry1ubuntu1ibm1apple1debian1photon2mageia1gentoo1