Veracode Vulnerability DatabaseVERACODE:37447Use-After-Free
0.001 Low
EPSS
Percentile
41.0%
vim is vulnerable to use-after-free. The vulnerability is possible because the did_set_string_option refers memory even after it has been freed, leading to a heap use-after-free vulnerability.
References
github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15
huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60
lists.debian.org/debian-lts-announce/2022/11/msg00032.html
lists.fedoraproject.org/archives/list/[email protected]/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
lists.fedoraproject.org/archives/list/[email protected]/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
lists.fedoraproject.org/archives/list/[email protected]/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
secdb.alpinelinux.org/edge/main.yaml
security.gentoo.org/glsa/202305-16
Related
