7.8 CVE-2022-3352

Exploit Patch

 

Use After Free in GitHub repository vim/vim prior to 9.0.0614.
https://nvd.nist.gov/vuln/detail/CVE-2022-3352

Categories

CWE-416 : Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Mitigations:
Choose a language that provides automatic memory management.
When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

Observed examples:
Chain: mobile platform race condition (CWE-362) leading to use-after-free (CWE-416), as exploited in the wild per CISA KEV.
Chain: race condition (CWE-362) leads to use-after-free (CWE-416), as exploited in the wild per CISA KEV.
Use-after-free triggered by closing a connection while data is still being transmitted.
Improper allocation for invalid data leads to use-after-free.
Certificate with a large number of Subject Alternate Names not properly handled in realloc, leading to use-after-free.
Timers are not disabled when a related object is deleted.
Access to a "dead" object that is being cleaned up.
Object is deleted even with a non-zero reference count, and later accessed.
Use-after-free involving request containing an invalid version number.
Unload of an object that is currently being accessed by other functionality.
Incorrectly tracking a reference count leads to use-after-free.
Use-after-free related to use of uninitialized memory.
HTML document with incorrectly-nested tags.
Use after free in ActiveX object by providing a malformed argument to a method.
Use-after-free by disconnecting during data transfer, or a message containing incorrect data types.
Disconnect during a large data transfer causes incorrect reference count, leading to use-after-free.
Use-after-free found by fuzzing.
Chain: race condition (CWE-362) from improper handling of a page transition in web client while an applet is loading (CWE-368) leads to use after free (CWE-416).
Realloc generates new buffer and pointer, but previous pointer is still retained, leading to use after free.
Use-after-free in web browser, probably resultant from not initializing memory.
Use-after-free when one thread accessed memory that was freed by another thread.
Assignment of malformed values to certain properties triggers use after free.
Mail server does not properly handle a long header.
Chain: integer overflow leads to use-after-free.
Freed pointer dereference.

References

CONFIRM Patch Exploit

FEDORA

FEDORA-2022-40161673a3
Mailing List Third Party Advisory
FEDORA-2022-fff548cfab
Mailing List Third Party Advisory
FEDORA-2022-4bc60c32a2
Mailing List Third Party Advisory

MISC Patch

_MLIST


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:* < 9.0.0614
Configuration 2
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Patch

Url
https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60
https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15

Exploits

Exploit-db.com
id description date
No known exploits
Other (github, ...)
Url
https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60

CAPEC

id description severity
No entry
