CVE-2022-2042

Published: Jun 10, 2022Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Use After Free in GitHub repository vim/vim prior to 8.2.

Affected (3)

Products: Vim: Vim · Apple: Macos

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vim Vim	Before 8.2.5072

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 11.7
Apple Macos	From 12.0 to 12.6

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (22)

http://seclists.org/fulldisclosure/2022/Oct/28

Source: security@huntr.dev

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Oct/41

Source: security@huntr.dev

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Oct/43

Source: security@huntr.dev

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Oct/45

Source: security@huntr.dev

Mailing ListThird Party Advisory

https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba

Source: security@huntr.dev

ExploitPatchThird Party Advisory

https://security.gentoo.org/glsa/202208-32

Source: security@huntr.dev

Third Party Advisory

https://security.gentoo.org/glsa/202305-16

Source: security@huntr.dev

https://support.apple.com/kb/HT213443

Source: security@huntr.dev

Third Party Advisory

https://support.apple.com/kb/HT213444

Source: security@huntr.dev

Third Party Advisory

https://support.apple.com/kb/HT213488

Source: security@huntr.dev

Third Party Advisory

http://seclists.org/fulldisclosure/2022/Oct/28

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Oct/41

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Oct/43

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Oct/45

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://security.gentoo.org/glsa/202208-32

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/202305-16

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT213443

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT213444

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.apple.com/kb/HT213488

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.