Use After Free

2023-10-1904:10:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

use after free

vulnerability

attacker

malicious url

http request

curl command

arbitrary code

vulnerable system

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

JSON

vim is vulnerable to Use After Free. An attacker could exploit this vulnerability by tricking a user into opening a malicious URL or by sending a specially crafted HTTP request to a vulnerable web server. The request would contain a specially crafted curl command that would cause the curl library to execute arbitrary code on the vulnerable system.

CPENameOperatorVersion
vim:sideq2:8.2.1913-1+b2
vim:sideq2:8.2.2434-3
vim:edgeeq9.0.1676-r0
vim:edgeeq9.0.1495-r0
vim:edgeeq8.2.3156-r0
vim:edgeeq9.0.1994-r0
vim:edgeeq9.0.0999-r0
vim:edgeeq8.2.4619-r0
vim:edgeeq8.2.2968-r0
vim:edgeeq9.0.0728-r0

Name	Operator	Version
vim:sid	eq	2:8.2.1913-1+b2
vim:sid	eq	2:8.2.2434-3
vim:edge	eq	9.0.1676-r0
vim:edge	eq	9.0.1495-r0
vim:edge	eq	8.2.3156-r0
vim:edge	eq	9.0.1994-r0
vim:edge	eq	9.0.0999-r0
vim:edge	eq	8.2.4619-r0
vim:edge	eq	8.2.2968-r0
vim:edge	eq	9.0.0728-r0