CVE-2022-3235

Name

CVE-2022-3235

Description

Use After Free in GitHub repository vim/vim prior to 9.0.0490.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
CONFIRM	https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af
MISC	https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:vim:vim::::::::`	vim	>= None	< 9.0.0490

Source package	Branch	Version	Maintainer	Status
vim	3.16-main	8.2.5000-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.15-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.14-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.13-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable