Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2021-3872

Published: 19/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Vim

Vulnerability Summary

A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3778) A use-after-free vulnerability in vim could allow an malicious user to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3796) An out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows an malicious user to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (CVE-2021-3872) There's an out-of-bounds read flaw in Vim's ex_docmd.c. An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability. (CVE-2021-3875) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vim vim

fedoraproject fedora 33

fedoraproject fedora 35

debian debian linux 9.0

Vendor Advisories

Amazon Linux 2: ALAS2-2021-1728
A flaw was found in vim A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-3778) A use-after-free vulnerability in vim could allow an attack ...
Red Hat: Moderate: OpenShift Logging bug fix and security update (5.3.5)
Synopsis Moderate: OpenShift Logging bug fix and security update (535) Type/Severity Security Advisory: Moderate Topic OpenShift Logging bug fix and security update (535)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed se ...
Red Hat: Moderate: vim security update
Synopsis Moderate: vim security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for vim is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security i ...
Red Hat: Important: Red Hat OpenShift GitOps security update
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 13Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview
Synopsis Important: Release of containers for OSP 162 director operator tech preview Type/Severity Security Advisory: Important Topic Red Hat OpenStack Platform 162 (Train) director Operator containers areavailable for technology preview Description Release osp-director-operator imagesSecurity Fix(es): golang: net/http: limit growth of h ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 2211 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 2211 General Availability release images, which provide one or more container updates and bug fixesRed Hat Product Security has rated this update as ...
Red Hat: Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes
Synopsis Important: Red Hat Advanced Cluster Management 236 security updates and bug fixes Type/Severity Security Advisory: Important Topic Red Hat Advanced Cluster Management for Kubernetes 236 General Availabilityrelease images, which provide security updates and bug fixes Description Red Hat Advanced Cluster Management for Kubernete ...
Red Hat: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes
Synopsis Important: Red Hat Advanced Cluster Management 242 security updates and bug fixes Type/Severity Security Advisory: Important Topic Red Hat Advanced Cluster Management for Kubernetes 242 General Availabilityrelease images This update provides security fixes, fixes bugs, and updates the container imagesRed Hat Product Security ha ...
Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update
Synopsis Moderate: Red Hat Single Sign-On 7410 on OpenJ9 for OpenShift image security update Type/Severity Security Advisory: Moderate Topic A new image is available for Red Hat Single Sign-On 7410 on OpenJ9, running on OpenShift Container Platform 310 and 311, and 43Red Hat Product Security has rated this update as having a security ...
Red Hat: Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update
Synopsis Moderate: Red Hat Single Sign-On 7410 on OpenJDK for OpenShift image security update Type/Severity Security Advisory: Moderate Topic A new image is available for Red Hat Single Sign-On 7410 on OpenJDK, running on OpenShift Container Platform 310 and 311, and 43Red Hat Product Security has rated this update as having a securit ...
Red Hat: CVE-2021-3872
vim is vulnerable to Heap-based Buffer Overflow ...
Arch Linux Issues:
Vim before version 823487 is vulnerable to a heap-based buffer overflow if a Vim buffer name is very long ...
Amazon Linux 2022: ALAS2022-2021-001
A flaw was found in vim A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-3778) A use-after-free vulnerability in vim could allow an attack ...

References

CWE-122https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14bhttps://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8https://lists.debian.org/debian-lts-announce/2022/03/msg00018.htmlhttps://security.gentoo.org/glsa/202208-32https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2021-1728.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgeryCVE-2024-34351CVE-2024-1076CVE-2024-25522CVE-2024-34547CVE-2024-4644unauthorizedremoteCVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook