CVE-2022-3705

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
vimvim
𝑥
< 9.0.0805
debiandebian_linux
10.0
netappactive_iq_unified_manager
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bookworm
2:9.0.1378-2
fixed
bullseye
unimportant
sid
2:9.1.0777-1
fixed
trixie
2:9.1.0777-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vim
bionic
ignored
focal
Fixed 2:8.1.2269-1ubuntu5.18
released
jammy
Fixed 2:8.2.3995-1ubuntu2.12
released
kinetic
ignored
lunar
not-affected
trusty
ignored
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gvim
suse enterprise sap 12 SP5
9.0.1234-17.12.1
fixed
suse enterprise sap 15 SP1
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP2
9.0.1040-150000.5.31.1
fixed
suse enterprise server 12 SP2
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP3
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP4
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP5
9.0.1234-17.12.1
fixed
suse enterprise server 15
9.0.0814-150000.5.28.1
fixed
suse enterprise server 15 SP1
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP2
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP3
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP4
9.0.1040-150000.5.31.1
fixed
vim
suse enterprise desktop 15 SP3
9.0.0814-150000.5.28.1
fixed
suse enterprise desktop 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise desktop 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise desktop 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise desktop 15 SP7
9.1.1176-150500.20.24.2
fixed
suse enterprise sap 12 SP5
9.0.1234-17.12.1
fixed
suse enterprise sap 15 SP1
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP2
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP3
9.0.0814-150000.5.28.1
fixed
suse enterprise sap 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise sap 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise sap 15 SP7
9.1.1176-150500.20.24.2
fixed
suse enterprise server 12 SP2
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP3
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP4
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP5
9.0.1234-17.12.1
fixed
suse enterprise server 15
9.0.0814-150000.5.28.1
fixed
suse enterprise server 15 SP1
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP2
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP3
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise server 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise server 15 SP7
9.1.1176-150500.20.24.2
fixed
vim-data
suse enterprise desktop 15 SP3
9.0.0814-150000.5.28.1
fixed
suse enterprise desktop 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise desktop 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise desktop 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise desktop 15 SP7
9.1.1176-150500.20.24.2
fixed
suse enterprise sap 12 SP5
9.0.1234-17.12.1
fixed
suse enterprise sap 15 SP1
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP2
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP3
9.0.0814-150000.5.28.1
fixed
suse enterprise sap 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise sap 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise sap 15 SP7
9.1.1176-150500.20.24.2
fixed
suse enterprise server 12 SP2
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP3
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP4
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP5
9.0.1234-17.12.1
fixed
suse enterprise server 15
9.0.0814-150000.5.28.1
fixed
suse enterprise server 15 SP1
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP2
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP3
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise server 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise server 15 SP7
9.1.1176-150500.20.24.2
fixed
vim-data-common
suse enterprise desktop 15 SP3
9.0.0814-150000.5.28.1
fixed
suse enterprise desktop 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise desktop 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise desktop 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise desktop 15 SP7
9.1.1176-150500.20.24.2
fixed
suse enterprise sap 12 SP5
9.0.1234-17.12.1
fixed
suse enterprise sap 15 SP1
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP2
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP3
9.0.0814-150000.5.28.1
fixed
suse enterprise sap 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise sap 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise sap 15 SP7
9.1.1176-150500.20.24.2
fixed
suse enterprise server 12 SP2
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP3
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP4
9.0.1234-17.12.1
fixed
suse enterprise server 12 SP5
9.0.1234-17.12.1
fixed
suse enterprise server 15
9.0.0814-150000.5.28.1
fixed
suse enterprise server 15 SP1
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP2
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP3
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise server 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise server 15 SP7
9.1.1176-150500.20.24.2
fixed
vim-small
suse enterprise desktop 15 SP3
9.0.0814-150000.5.28.1
fixed
suse enterprise desktop 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise desktop 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise desktop 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise desktop 15 SP7
9.1.1176-150500.20.24.2
fixed
suse enterprise sap 15 SP3
9.0.0814-150000.5.28.1
fixed
suse enterprise sap 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise sap 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise sap 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise sap 15 SP7
9.1.1176-150500.20.24.2
fixed
suse enterprise server 15 SP3
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP4
9.0.1040-150000.5.31.1
fixed
suse enterprise server 15 SP5
9.0.1443-150500.18.1
fixed
suse enterprise server 15 SP6
9.1.0330-150500.20.12.1
fixed
suse enterprise server 15 SP7
9.1.1176-150500.20.24.2
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
vim-X11
Amazon Linux 2
2:9.0.828-1.amzn2.0.1
fixed
vim-common
Amazon Linux 1
2:9.0.828-1.1.amzn1
fixed
Amazon Linux 2
2:9.0.828-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
vim-common-debuginfo
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
vim-data
Amazon Linux 1
2:9.0.828-1.1.amzn1
fixed
Amazon Linux 2
2:9.0.828-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
vim-debuginfo
Amazon Linux 1
2:9.0.828-1.1.amzn1
fixed
Amazon Linux 2
2:9.0.828-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
vim-debugsource
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
vim-default-editor
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
vim-enhanced
Amazon Linux 1
2:9.0.828-1.1.amzn1
fixed
Amazon Linux 2
2:9.0.828-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
vim-enhanced-debuginfo
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
vim-filesystem
Amazon Linux 1
2:9.0.828-1.1.amzn1
fixed
Amazon Linux 2
2:9.0.828-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
vim-minimal
Amazon Linux 1
2:9.0.828-1.1.amzn1
fixed
Amazon Linux 2
2:9.0.828-1.amzn2.0.1
fixed
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
vim-minimal-debuginfo
Amazon Linux 2023
2:9.0.1160-1.amzn2023.0.2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
vim
CBL-Mariner 1.0
0:9.0.0805-1.cm1
fixed
CBL-Mariner 2.0
0:9.0.0805-1.cm2
fixed