{"api_version":"1","generated_at":"2026-04-23T01:00:29+00:00","cve":"CVE-2022-3705","urls":{"html":"https://cve.report/CVE-2022-3705","api":"https://cve.report/api/cve/CVE-2022-3705.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-3705","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-3705"},"summary":{"title":"CVE-2022-3705","description":"A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2022-10-26 20:15:00","updated_at":"2023-11-07 03:51:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2023/Jan/19","name":"20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2023-01-23-4 macOS Ventura 13.2","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/","name":"FEDORA-2022-06e4f1dd58","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: vim-9.0.828-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html","name":"[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3182-1] vim security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?id.212324","name":"https://vuldb.com/?id.212324","refsource":"MISC","tags":[],"title":"CVE-2022-3705 | vim autocmd quickfix.c qf_update_buffer use after free","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/","name":"FEDORA-2022-06e4f1dd58","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: vim-9.0.828-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202305-16","name":"GLSA-202305-16","refsource":"GENTOO","tags":[],"title":"Vim, gVim: Multiple Vulnerabilities (GLSA 202305-16) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731","name":"https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731","refsource":"MISC","tags":[],"title":"patch 9.0.0805: filetype autocmd may cause freed memory access · vim/vim@d0fab10 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20221223-0004/","name":"https://security.netapp.com/advisory/ntap-20221223-0004/","refsource":"CONFIRM","tags":[],"title":"CVE-2022-3705 Vim Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/","name":"FEDORA-2022-4bc60c32a2","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: vim-9.0.828-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYEK5RNMH7MVQH6RPBKLSCCA6NMIKHDV/","name":"FEDORA-2022-3d354ef0fb","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: vim-9.0.828-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT213605","name":"https://support.apple.com/kb/HT213605","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Ventura 13.2 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYEK5RNMH7MVQH6RPBKLSCCA6NMIKHDV/","name":"FEDORA-2022-3d354ef0fb","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: vim-9.0.828-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/","name":"FEDORA-2022-4bc60c32a2","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: vim-9.0.828-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-3705","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3705","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"3705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmware_vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vim","cpe5":"vim","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-3705","qid":"181198","title":"Debian Security Update for vim (DLA 3182-1)"},{"cve":"CVE-2022-3705","qid":"182211","title":"Debian Security Update for vim (CVE-2022-3705)"},{"cve":"CVE-2022-3705","qid":"199815","title":"Ubuntu Security Notification for Vim Vulnerabilities (USN-6420-1)"},{"cve":"CVE-2022-3705","qid":"283284","title":"Fedora Security Update for vim (FEDORA-2022-06e4f1dd58)"},{"cve":"CVE-2022-3705","qid":"283292","title":"Fedora Security Update for vim (FEDORA-2022-3d354ef0fb)"},{"cve":"CVE-2022-3705","qid":"283438","title":"Fedora Security Update for vim (FEDORA-2022-4bc60c32a2)"},{"cve":"CVE-2022-3705","qid":"354117","title":"Amazon Linux Security Advisory for vim : ALAS2-2022-1902"},{"cve":"CVE-2022-3705","qid":"354278","title":"Amazon Linux Security Advisory for vim : ALAS2022-2022-251"},{"cve":"CVE-2022-3705","qid":"354461","title":"Amazon Linux Security Advisory for vim : ALAS-2022-251"},{"cve":"CVE-2022-3705","qid":"354555","title":"Amazon Linux Security Advisory for vim : ALAS-2022-251"},{"cve":"CVE-2022-3705","qid":"354688","title":"Amazon Linux Security Advisory for vim : ALAS-2023-1663"},{"cve":"CVE-2022-3705","qid":"355073","title":"Amazon Linux Security Advisory for vim : AL2012-2023-397"},{"cve":"CVE-2022-3705","qid":"355135","title":"Amazon Linux Security Advisory for vim : ALAS2023-2023-098"},{"cve":"CVE-2022-3705","qid":"377927","title":"Apple macOS Ventura 13.2 Not Installed (HT213605)"},{"cve":"CVE-2022-3705","qid":"502810","title":"Alpine Linux Security Update for vim"},{"cve":"CVE-2022-3705","qid":"672488","title":"EulerOS Security Update for vim (EulerOS-SA-2023-1050)"},{"cve":"CVE-2022-3705","qid":"672500","title":"EulerOS Security Update for vim (EulerOS-SA-2023-1025)"},{"cve":"CVE-2022-3705","qid":"672545","title":"EulerOS Security Update for vim (EulerOS-SA-2023-1116)"},{"cve":"CVE-2022-3705","qid":"672558","title":"EulerOS Security Update for vim (EulerOS-SA-2023-1140)"},{"cve":"CVE-2022-3705","qid":"672583","title":"EulerOS Security Update for vim (EulerOS-SA-2023-1342)"},{"cve":"CVE-2022-3705","qid":"672642","title":"EulerOS Security Update for vim (EulerOS-SA-2023-1403)"},{"cve":"CVE-2022-3705","qid":"672655","title":"EulerOS Security Update for vim (EulerOS-SA-2023-1375)"},{"cve":"CVE-2022-3705","qid":"672702","title":"EulerOS Security Update for vim (EulerOS-SA-2023-1518)"},{"cve":"CVE-2022-3705","qid":"710718","title":"Gentoo Linux Vim, gVim Multiple Vulnerabilities (GLSA 202305-16)"},{"cve":"CVE-2022-3705","qid":"752947","title":"SUSE Enterprise Linux Security Update for vim (SUSE-SU-2022:4282-1)"},{"cve":"CVE-2022-3705","qid":"753066","title":"SUSE Enterprise Linux Security Update for vim (SUSE-SU-2022:4619-1)"},{"cve":"CVE-2022-3705","qid":"753073","title":"SUSE Enterprise Linux Security Update for vim (SUSE-SU-2022:4631-1)"},{"cve":"CVE-2022-3705","qid":"753603","title":"SUSE Enterprise Linux Security Update for vim (SUSE-SU-2023:0209-1)"},{"cve":"CVE-2022-3705","qid":"904352","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11362)"},{"cve":"CVE-2022-3705","qid":"904359","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11358)"},{"cve":"CVE-2022-3705","qid":"904495","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11358-1)"},{"cve":"CVE-2022-3705","qid":"904515","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11362-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-3705","TITLE":"vim autocmd quickfix.c qf_update_buffer use after free","REQUESTER":"cna@vuldb.com","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"generator":"vuldb.com","affects":{"vendor":{"vendor_data":[{"vendor_name":"","product":{"product_data":[{"product_name":"vim","version":{"version_data":[{"version_value":"n/a"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-119 Memory Corruption -> CWE-416 Use After Free"}]}]},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324."}]},"impact":{"cvss":{"version":"3.1","baseScore":"5.0","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}},"references":{"reference_data":[{"url":"https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731","refsource":"MISC","name":"https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731"},{"url":"https://vuldb.com/?id.212324","refsource":"MISC","name":"https://vuldb.com/?id.212324"},{"refsource":"FEDORA","name":"FEDORA-2022-06e4f1dd58","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"},{"refsource":"FEDORA","name":"FEDORA-2022-3d354ef0fb","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYEK5RNMH7MVQH6RPBKLSCCA6NMIKHDV/"},{"refsource":"FEDORA","name":"FEDORA-2022-4bc60c32a2","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20221223-0004/","url":"https://security.netapp.com/advisory/ntap-20221223-0004/"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213605","url":"https://support.apple.com/kb/HT213605"},{"refsource":"FULLDISC","name":"20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2","url":"http://seclists.org/fulldisclosure/2023/Jan/19"},{"refsource":"GENTOO","name":"GLSA-202305-16","url":"https://security.gentoo.org/glsa/202305-16"}]}},"nvd":{"publishedDate":"2022-10-26 20:15:00","lastModifiedDate":"2023-11-07 03:51:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndExcluding":"9.0.0805","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}