Vulnerability Details : CVE-2022-3705
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2022-3705
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3705
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 37 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-3705
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
1.6
|
3.4
|
VulDB | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST |
CWE ids for CVE-2022-3705
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: cna@vuldb.com (Primary)
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by:
- cna@vuldb.com (Primary)
- nvd@nist.gov (Secondary)
References for CVE-2022-3705
-
https://vuldb.com/?id.212324
CVE-2022-3705 | vim autocmd quickfix.c qf_update_buffer use after freePermissions Required;Third Party Advisory
-
http://seclists.org/fulldisclosure/2023/Jan/19
Full Disclosure: APPLE-SA-2023-01-23-4 macOS Ventura 13.2Third Party Advisory
-
https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731
patch 9.0.0805: filetype autocmd may cause freed memory access · vim/vim@d0fab10 · GitHubPatch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYEK5RNMH7MVQH6RPBKLSCCA6NMIKHDV/
[SECURITY] Fedora 35 Update: vim-9.0.828-1.fc35 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20221223-0004/
Third Party Advisory
-
https://security.gentoo.org/glsa/202305-16
Vim, gVim: Multiple Vulnerabilities (GLSA 202305-16) — Gentoo security
-
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
[SECURITY] [DLA 3182-1] vim security updateMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/
[SECURITY] Fedora 37 Update: vim-9.0.828-1.fc37 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://support.apple.com/kb/HT213605
About the security content of macOS Ventura 13.2 - Apple SupportThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/
[SECURITY] Fedora 36 Update: vim-9.0.828-1.fc36 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
Jump to