Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3705

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.

Published

2022-10-26T20:15:10.820

Last Modified

2024-11-21T07:20:04.543

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Primary
CWE-119
Type: Secondary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vim	vim	< 9.0.0805	Yes
Operating System	fedoraproject	fedora	35	Yes
Operating System	fedoraproject	fedora	36	Yes
Operating System	debian	debian_linux	10.0	Yes
Application	netapp	active_iq_unified_manager	-	Yes

References

http://seclists.org/fulldisclosure/2023/Jan/19 Third Party Advisory ([email protected])
https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYEK5RNMH7MVQH6RPBKLSCCA6NMIKHDV/ ([email protected])
https://security.gentoo.org/glsa/202305-16 ([email protected])
https://security.netapp.com/advisory/ntap-20221223-0004/ Third Party Advisory ([email protected])
https://support.apple.com/kb/HT213605 Third Party Advisory ([email protected])
https://vuldb.com/?id.212324 Permissions Required, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2023/Jan/19 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYEK5RNMH7MVQH6RPBKLSCCA6NMIKHDV/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202305-16 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20221223-0004/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT213605 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?id.212324 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)