Vulnerability Details : CVE-2022-0156
Potential exploit
vim is vulnerable to Use After Free
Vulnerability category: Memory Corruption
Products affected by CVE-2022-0156
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-0156
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 37 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-0156
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
|
6.8
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
2.5
|
4.2
|
huntr.dev | |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2022-0156
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by:
- nvd@nist.gov (Secondary)
- security@huntr.dev (Primary)
References for CVE-2022-0156
-
https://security.gentoo.org/glsa/202208-32
Vim, gVim: Multiple Vulnerabilities (GLSA 202208-32) — Gentoo securityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/
[SECURITY] Fedora 35 Update: vim-8.2.4068-1.fc35 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/01/15/1
oss-security - Re: 3 new CVE's in vimMailing List;Third Party Advisory
-
https://support.apple.com/kb/HT213183
About the security content of macOS Monterey 12.3 - Apple SupportRelease Notes;Third Party Advisory
-
http://seclists.org/fulldisclosure/2022/Mar/29
Full Disclosure: APPLE-SA-2022-03-14-4 macOS Monterey 12.3Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2022/Jul/13
Full Disclosure: APPLE-SA-2022-07-20-3 macOS Big Sur 11.6.8Mailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/
[SECURITY] Fedora 34 Update: vim-8.2.4068-1.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://support.apple.com/kb/HT213344
About the security content of macOS Big Sur 11.6.8 - Apple SupportThird Party Advisory
-
https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36
Use After Free vulnerability found in vimExploit;Patch;Third Party Advisory
-
https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f
patch 8.2.4040: keeping track of allocated lines is too complicated · vim/vim@9f1a39a · GitHubPatch;Third Party Advisory
Jump to