CVE-2022-3099

Name

CVE-2022-3099

Description

Use After Free in GitHub repository vim/vim prior to 9.0.0360.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
CONFIRM	https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
MISC	https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DVWBI4BVTBUMNW4NMB3WZZDQJBKIGXI3/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LLK2RMZEECKKWUQK7J46D2FQZOXFQLTC/
MLIST	https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:vim:vim::::::::`	vim	>= None	< 9.0.0360

Source package	Branch	Version	Maintainer	Status
vim	3.16-main	8.2.5000-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.15-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.14-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.13-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable