PT-2022-4868 · Vim+7 · Vim+7

Brammool

Published

2022-09-14

Updated

2024-06-15

CVE-2022-3235

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions vim versions prior to 9.0.0490

Description The issue is related to a Use After Free condition in the getcmdline int() function of the Vim text editor, which involves the use of memory after it has been freed. This can be exploited by an attacker to cause a denial of service or execute arbitrary code by opening a specially crafted malicious file.

Recommendations For versions prior to 9.0.0490, update to version 9.0.0490 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the getcmdline int() function until a patch is available. Restrict access to potentially malicious files to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2022-2828

ALT-PU-2022-2911

ALT-PU-2022-2914

ALT-PU-2022-3192

AZL-10979

BDU:2022-05992

CVE-2022-3235

DLA-3204-1

MGASA-2022-0430

OESA-2022-1975

OPENSUSE-SU-2022_4282-1

OPENSUSE-SU-2024:12352-1

SUSE-SU-2022:4282-1

SUSE-SU-2022:4619-1

USN-6420-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Vim

PT-2022-4868 · Vim+7 · Vim+7

CVE-2022-3235

Weakness Enumeration

Related Identifiers

Affected Products

References · 281