CVE-2022-1154

nvd nist

Published: Mar 30, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

Affected (6)

Products: Vim: Vim · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Vim: Vim · Fedoraproject: Fedora · Debian: Debian Linux · Oracle: Communications Cloud Native Core Network Exposure Function

1 product

1 product

1 product

1 product

Communications Cloud Native Core Network Exposure Function

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vim Vim	Before 8.2.4646

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Network Exposure Function	Version 22.1.1

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (18)

https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html

Source: security@huntr.dev

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

Source: security@huntr.dev

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J/

Source: security@huntr.dev

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL/

Source: security@huntr.dev

https://security.gentoo.org/glsa/202208-32

Source: security@huntr.dev

Third Party Advisory

https://security.gentoo.org/glsa/202305-16

Source: security@huntr.dev

https://www.oracle.com/security-alerts/cpujul2022.html

Source: security@huntr.dev

Third Party Advisory

https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5