Use After Free Affecting vim/vim package, versions [,8.2.3902)
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Integrity
High
Availability
High
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.1% (41st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UNMANAGED-VIMVIM-2934710
- published 23 Jun 2022
- disclosed 23 Jun 2022
- credit Rick de Jager
Introduced: 23 Jun 2022
CVE-2021-4173 Open this link in a new tabHow to fix?
Upgrade vim/vim to version 8.2.3902 or higher.
Overview
Affected versions of this package are vulnerable to Use After Free via the nested functions, by adding another command directly after an enddef token using the | operator.