PT-2022-4992 · Vim+7

Brammool · Published 2022-09-27 · Updated 2024-06-15 · CVE-2022-3352

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

vim versions prior to 9.0.0614

Description

The issue is related to a Use After Free vulnerability in the did_set_string_option() function of the Vim text editor. This vulnerability can be exploited by opening a specially crafted file, potentially allowing an attacker to execute arbitrary code or cause a denial of service. The estimated number of potentially affected devices worldwide is not available.

Recommendations

For versions prior to 9.0.0614, update to version 9.0.0614 or later to resolve the issue. As a temporary workaround, consider restricting the use of the did_set_string_option() function until a patch is available.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2828
ALT-PU-2022-2911
ALT-PU-2022-2914
ALT-PU-2022-3192
AZL-11062
BDU:2022-06196
CVE-2022-3352
DLA-3204-1
MGASA-2022-0430
OESA-2022-1980
OPENSUSE-SU-2022_4282-1
OPENSUSE-SU-2024:12378-1
SUSE-SU-2022:4282-1
SUSE-SU-2022:4619-1
USN-6420-1

Affected Products

Alt Linux
Astra Linux
Debian
Linux Mint
RED OS
SUSE
Ubuntu
Vim