Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.3
CVSSv3

CVE-2021-3796

Published: 15/09/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.3 | Impact Score: 5.5 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Vim

Vulnerability Summary

A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3778) A use-after-free vulnerability in vim could allow an malicious user to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3796) An out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows an malicious user to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (CVE-2021-3872) There's an out-of-bounds read flaw in Vim's ex_docmd.c. An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability. (CVE-2021-3875) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vim vim

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

debian debian linux 9.0

netapp ontap select deploy administration utility -

Vendor Advisories

Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update
Synopsis Moderate: Red Hat OpenShift distributed tracing 210 security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Openshit distributed tracing 21Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...
Debian CVElist Bug Report Logs: vim: CVE-2021-3796
Debian Bug report logs - #994497 vim: CVE-2021-3796 Package: src:vim; Maintainer for src:vim is Debian Vim Maintainers <team+vim@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 16 Sep 2021 18:45:04 UTC Severity: important Tags: security, upstream Found in version vim/2:822434- ...
Amazon Linux 2: ALAS2-2021-1728
A flaw was found in vim A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-3778) A use-after-free vulnerability in vim could allow an attack ...
Red Hat: CVE-2021-3796
vim is vulnerable to Use After Free ...
Arch Linux Issues:
vim before version 823428 is vulnerable to a use after free when replacing ...
Amazon Linux 2022: ALAS2022-2021-001
A flaw was found in vim A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-3778) A use-after-free vulnerability in vim could allow an attack ...

References

CWE-416https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008dhttp://www.openwall.com/lists/oss-security/2021/10/01/1https://lists.debian.org/debian-lts-announce/2022/01/msg00003.htmlhttps://security.gentoo.org/glsa/202208-32https://security.netapp.com/advisory/ntap-20221118-0004/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/https://access.redhat.com/errata/RHSA-2022:0318https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2021-1728.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook