Lucene search

K
redhatcveRedhat.comRH:CVE-2022-3016
HistorySep 05, 2022 - 9:47 a.m.

CVE-2022-3016

2022-09-0509:47:42
redhat.com
access.redhat.com
22
cve-2022-3016
vim
heap use-after-free
vulnerability
get_next_valid_entry()
src/quickfix.c
autocmd
crafted file
attack
application crash
code execution
memory corruption
mitigation
untrusted vim scripts

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.3%

A heap use-after-free vulnerability was found in vim’s get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.

Mitigation

Untrusted vim scripts with -s [scriptin] are not recommended to run.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.3%