CVE-2022-3705

NameCVE-2022-3705
DescriptionA vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3182-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
vim (PTS)jessie, jessie (lts)2:7.4.488-7+deb8u11vulnerable
stretch (security)2:8.0.0197-4+deb9u7vulnerable
stretch (lts), stretch2:8.0.0197-4+deb9u11vulnerable
buster (security), buster, buster (lts)2:8.1.0875-5+deb10u6fixed
bullseye2:8.2.2434-3+deb11u1vulnerable
bookworm2:9.0.1378-2fixed
sid, trixie2:9.1.0861-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
vimsourcebuster2:8.1.0875-5+deb10u3DLA-3182-1
vimsource(unstable)2:9.0.0813-1unimportant

Notes

https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 (v9.0.0805)
Crash in CLI tool, no security impact
[stretch] - vim <ignored> (use after free, testcase does not trigger in valgrind, delayed quickfix freeing infrastructure is entirely missing in stretch)
[jessie] - vim <ignored> (use after free, testcase does not trigger in valgrind, delayed quickfix freeing infrastructure is entirely missing in stretch and earlier)

Search for package or bug name: Reporting problems