Unrated severityNVD Advisory· Published Sep 29, 2022· Updated May 20, 2025

Use After Free in vim/vim

CVE-2022-3352

Description

Use-after-free vulnerability in Vim prior to 9.0.0614 could allow an attacker to cause a denial of service or potentially execute arbitrary code via a crafted file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Use-after-free vulnerability in Vim prior to 9.0.0614 could allow an attacker to cause a denial of service or potentially execute arbitrary code via a crafted file.

Vulnerability

A use-after-free vulnerability exists in Vim, the ubiquitous text editor, in versions prior to 9.0.0614. The exact code path and conditions required to trigger the bug are not disclosed in the available references, but the issue resides in the editor's memory management when processing certain file contents.

Exploitation

The available references do not detail the specific exploitation sequence. An attacker would likely need to convince a user to open a specially crafted file in Vim, which could cause the editor to access freed memory. No authentication or special network position is required beyond local file access.

Impact

A successful exploit could lead to a denial of service (crash) or, in more severe cases, arbitrary code execution in the context of the Vim process. The exact impact is not explicitly stated in the references, but use-after-free vulnerabilities in Vim have historically been exploitable for code execution.

Mitigation

The vulnerability is fixed in Vim version 9.0.0614. Users should upgrade to this version or later. The Gentoo security advisory [4] recommends upgrading to >=9.0.1157. No workaround is known for unpatched versions.

References

Multiple Vulnerabilities (GLSA 202305-16) — Gentoo security

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Vim/Vimllm-fuzzy2 versions
<9.0.0614+ 1 more
- (no CPE)range: <9.0.0614
- (no CPE)range: unspecified
osv-coords39 versions
pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.2 pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/opensuse/vim&distro=openSUSE%20Tumbleweed pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.1 pkg:rpm/suse/vim&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.1 pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 9.0.0814-150000.5.28.1+ 38 more
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0626-1.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/mitrevendor-advisory
security.gentoo.org/glsa/202305-16mitrevendor-advisory
lists.debian.org/debian-lts-announce/2022/11/msg00032.htmlmitremailing-list
github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15mitre
huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000