CVE-2022-3037
Use After Free in vim/vim
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
30 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Use After Free in GitHub repository vim/vim prior to 9.0.0322.
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
vim · vim/vimWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bbhttps://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/