CVE-2022-3705
Summary
| CVE | CVE-2022-3705 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-10-26 20:15:00 UTC |
|---|
| Updated | 2023-11-07 03:51:00 UTC |
|---|
| Description | A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Full Disclosure: APPLE-SA-2023-01-23-4 macOS Ventura 13.2 |
FULLDISC |
seclists.org |
|
| [SECURITY] Fedora 36 Update: vim-9.0.828-1.fc36 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] [DLA 3182-1] vim security update |
MLIST |
lists.debian.org |
|
| CVE-2022-3705 | vim autocmd quickfix.c qf_update_buffer use after free |
MISC |
vuldb.com |
|
| [SECURITY] Fedora 36 Update: vim-9.0.828-1.fc36 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| Vim, gVim: Multiple Vulnerabilities (GLSA 202305-16) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| patch 9.0.0805: filetype autocmd may cause freed memory access · vim/vim@d0fab10 · GitHub |
MISC |
github.com |
|
| CVE-2022-3705 Vim Vulnerability in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| [SECURITY] Fedora 37 Update: vim-9.0.828-1.fc37 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 35 Update: vim-9.0.828-1.fc35 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| About the security content of macOS Ventura 13.2 - Apple Support |
CONFIRM |
support.apple.com |
|
| [SECURITY] Fedora 35 Update: vim-9.0.828-1.fc35 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 37 Update: vim-9.0.828-1.fc37 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181198 Debian Security Update for vim (DLA 3182-1)
- 182211 Debian Security Update for vim (CVE-2022-3705)
- 199815 Ubuntu Security Notification for Vim Vulnerabilities (USN-6420-1)
- 283284 Fedora Security Update for vim (FEDORA-2022-06e4f1dd58)
- 283292 Fedora Security Update for vim (FEDORA-2022-3d354ef0fb)
- 283438 Fedora Security Update for vim (FEDORA-2022-4bc60c32a2)
- 354117 Amazon Linux Security Advisory for vim : ALAS2-2022-1902
- 354278 Amazon Linux Security Advisory for vim : ALAS2022-2022-251
- 354461 Amazon Linux Security Advisory for vim : ALAS-2022-251
- 354555 Amazon Linux Security Advisory for vim : ALAS-2022-251
- 354688 Amazon Linux Security Advisory for vim : ALAS-2023-1663
- 355073 Amazon Linux Security Advisory for vim : AL2012-2023-397
- 355135 Amazon Linux Security Advisory for vim : ALAS2023-2023-098
- 377927 Apple macOS Ventura 13.2 Not Installed (HT213605)
- 502810 Alpine Linux Security Update for vim
- 672488 EulerOS Security Update for vim (EulerOS-SA-2023-1050)
- 672500 EulerOS Security Update for vim (EulerOS-SA-2023-1025)
- 672545 EulerOS Security Update for vim (EulerOS-SA-2023-1116)
- 672558 EulerOS Security Update for vim (EulerOS-SA-2023-1140)
- 672583 EulerOS Security Update for vim (EulerOS-SA-2023-1342)
- 672642 EulerOS Security Update for vim (EulerOS-SA-2023-1403)
- 672655 EulerOS Security Update for vim (EulerOS-SA-2023-1375)
- 672702 EulerOS Security Update for vim (EulerOS-SA-2023-1518)
- 710718 Gentoo Linux Vim, gVim Multiple Vulnerabilities (GLSA 202305-16)
- 752947 SUSE Enterprise Linux Security Update for vim (SUSE-SU-2022:4282-1)
- 753066 SUSE Enterprise Linux Security Update for vim (SUSE-SU-2022:4619-1)
- 753073 SUSE Enterprise Linux Security Update for vim (SUSE-SU-2022:4631-1)
- 753603 SUSE Enterprise Linux Security Update for vim (SUSE-SU-2023:0209-1)
- 904352 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11362)
- 904359 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11358)
- 904495 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11358-1)
- 904515 Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11362-1)
