Use After Free The advisory has been revoked - it doesn't affect any version of package vim-debugsource Open this link in a new tab

Threat Intelligence

EPSS 0.45% (75^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RHEL8-VIMDEBUGSOURCE-3092499
published 1 Nov 2022
disclosed 26 Oct 2022

Report a new vulnerability Found a mistake?

Introduced: 26 Oct 2022

CVE-2022-3705 Open this link in a new tab CWE-416 Open this link in a new tab

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:8.

NVD Description

Note: Versions mentioned in the description apply only to the upstream vim-debugsource package and not the vim-debugsource package as distributed by RHEL.

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.

Use After Free The advisory has been revoked - it doesn't affect any version of package vim-debugsource Open this link in a new tab

Threat Intelligence

Introduced: 26 Oct 2022

Amendment

NVD Description

References