7.8
CVE-2021-4192
- EPSS 1.73%
- Veröffentlicht 31.12.2021 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:37:06
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
Use After Free in vim/vim
vim is vulnerable to Use After Free
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.73% | 0.746 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| security@huntr.dev | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
http://seclists.org/fulldisclosure/2022/Mar/29
https://support.apple.com/kb/HT213183
https://security.gentoo.org/glsa/202208-32
http://www.openwall.com/lists/oss-security/2022/01/15/1
https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
http://seclists.org/fulldisclosure/2022/Jul/14
http://seclists.org/fulldisclosure/2022/May/35
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213343
https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952
https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22