CVE-2022-3591: 
NixOS vulnerability analysis and mitigation

A Use After Free vulnerability was discovered in the Vim text editor repository (vim/vim) affecting versions prior to 9.0.0789. The vulnerability was assigned CVE-2022-3591 and was publicly disclosed in October 2022 (CVE MITRE).

The vulnerability is classified as a Use After Free issue that occurs when attempting to navigate to a dummy buffer. The issue was addressed in version 9.0.0789 by implementing a fix that disallows navigating to dummy buffers. The vulnerability has a CVSS 3.1 Base Score of 7.8 (High), with the following metrics: Attack Vector: Local, Attack Complexity: Low, Privileges Required: None, User Interaction: Required, Scope: Unchanged, and High impact on Confidentiality, Integrity, and Availability (Ubuntu Security).

The vulnerability could potentially lead to system crashes and denial of service conditions when exploited. Red Hat Product Security has rated this issue as having a Low security impact, noting that exploitation requires running an untrusted file in script mode (Red Hat Portal).

The vulnerability was patched in Vim version 9.0.0789 with a fix that prevents navigation to dummy buffers. The fix was implemented through commit 8f3c3c6 in the Vim repository. Various Linux distributions have released security updates to address this vulnerability, including Ubuntu, Debian, and Gentoo (GitHub Commit).