PT-2022-5349 · Vim +8

Brammool · Published 2022-10-26 · Updated 2023-10-09 · CVE-2022-3705

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

vim versions prior to 9.0.0805

Description

A vulnerability was found in the function qf_update_buffer of the file quickfix.c of the component autocmd Handler, which leads to use after free. The attack may be launched remotely, potentially affecting the confidentiality, integrity, and availability of protected information.

Recommendations

To address this issue, upgrade to version 9.0.0805 or later. As a temporary workaround, consider disabling the qf_update_buffer function until a patch is available. Restrict access to the affected component to minimize the risk of exploitation.

Fix

Use After Free

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2980
ALT-PU-2022-3057
ALT-PU-2022-3165
ALT-PU-2022-3192
AZL-11358
BDU:2022-06663
CVE-2022-3705
DLA-3182-1
MGASA-2022-0430
OESA-2022-2043
OPENSUSE-SU-2022_4282-1
OPENSUSE-SU-2022_4631-1
SUSE-SU-2022:4282-1
SUSE-SU-2022:4619-1
SUSE-SU-2022:4631-1
SUSE-SU-2023:0209-1
USN-6420-1

Affected Products

ALT Linux
Astra Linux
Debian
Linux Mint
Apple macOS
RED OS
SUSE
Ubuntu
Vim