6.8

CVE-2022-0156

Exploit

Use After Free in vim/vim

vim is vulnerable to Use After Free
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VimVim Version < 8.2.4040
FedoraprojectFedora Version34
FedoraprojectFedora Version35
ApplemacOS Version < 12.3
ApplemacOS Version >= 11.0 < 11.6.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.72% 0.745
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
security@huntr.dev 6.8 2.5 4.2
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://seclists.org/fulldisclosure/2022/Mar/29
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT213183
Third Party Advisory
Release Notes
https://security.gentoo.org/glsa/202208-32
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/01/15/1
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/
http://seclists.org/fulldisclosure/2022/Jul/13
Third Party Advisory
Mailing List
https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f
Patch
Third Party Advisory
https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36
Patch
Third Party Advisory
Exploit
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/
https://support.apple.com/kb/HT213344
Third Party Advisory