CVE-2022-1616

Published: May 7, 2022Modified: Nov 3, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

Affected (7)

Products: Vim: Vim · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Vim: Vim · Fedoraproject: Fedora · Debian: Debian Linux · Apple: Macos

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vim Vim	Before 8.2.4895

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 13.0

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (25)

http://seclists.org/fulldisclosure/2022/Oct/28

Source: security@huntr.dev

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Oct/41

Source: security@huntr.dev

Mailing ListRelease NotesThird Party Advisory

https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html

Source: security@huntr.dev

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html

Source: security@huntr.dev

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/

Source: security@huntr.dev

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/

Source: security@huntr.dev

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/

Source: security@huntr.dev

https://security.gentoo.org/glsa/202208-32

Source: security@huntr.dev

Third Party Advisory

https://security.gentoo.org/glsa/202305-16

Source: security@huntr.dev

https://support.apple.com/kb/HT213488

Source: security@huntr.dev

Release NotesThird Party Advisory

http://seclists.org/fulldisclosure/2022/Oct/28