Lucene search

K

Redhat.comRH:CVE-2022-3297

HistorySep 26, 2022 - 12:19 p.m.

CVE-2022-3297

2022-09-2612:19:23

redhat.com

access.redhat.com

14

vim

heap use-after-free

vulnerability

code execution

memory corruption

specially crafted files

process_next_cpt_value

mitigation

untrusted vim scripts

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

47.2%

A heap use-after-free vulnerability was found in Vim’s process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when ‘tagfunc’ wipes out the buffer that holds ‘complete.’ This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.

Mitigation

Untrusted vim scripts with -s [scriptin] are not recommended to run.

References

bugzilla.redhat.com/show_bug.cgi?id=2129838

huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c

nvd.nist.gov/vuln/detail/CVE-2022-3297

www.cve.org/CVERecord?id=CVE-2022-3297

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

47.2%

Related for RH:CVE-2022-3297

cbl_mariner2 nvd1 cvelist1 huntr1 nessus28 veracode1 alpinelinux1 debiancve1 cve1 ubuntucve1 cnvd1 prion1 redos1 openvas24 fedora3 osv1 ubuntu1 cloudfoundry1 ibm1 amazon1 mageia1 photon2 gentoo1 avleonov1