Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2021-3875

Published: 15/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Vim

Vulnerability Summary

A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3778) A use-after-free vulnerability in vim could allow an malicious user to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3796) An out-of-bounds write flaw was found in vim's drawscreen.c win_redr_status() function. This flaw allows an malicious user to trick a user to open a crafted file with specific arguments in vim, triggering an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. (CVE-2021-3872) There's an out-of-bounds read flaw in Vim's ex_docmd.c. An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability. (CVE-2021-3875) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vim vim

fedoraproject fedora 33

fedoraproject fedora 35

Vendor Advisories

Debian CVElist Bug Report Logs: vim: CVE-2021-3875
Debian Bug report logs - #996593 vim: CVE-2021-3875 Package: src:vim; Maintainer for src:vim is Debian Vim Maintainers <team+vim@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 15 Oct 2021 20:27:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version ...
Amazon Linux 2: ALAS2-2021-1728
A flaw was found in vim A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-3778) A use-after-free vulnerability in vim could allow an attack ...
Red Hat: CVE-2021-3875
vim is vulnerable to Heap-based Buffer Overflow ...
Arch Linux Issues:
Vim before version 823489 is vulnerable to a heap-based buffer overflow after a search with range ...
Amazon Linux 2022: ALAS2022-2021-001
A flaw was found in vim A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-3778) A use-after-free vulnerability in vim could allow an attack ...

Mailing Lists

Full Disclosure: Re: 3 new CVE's in vim
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: 3 new CVE's in vim <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Alan Coopersmith &lt;alancoopersmith () o ...

References

CWE-122https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575fhttp://www.openwall.com/lists/oss-security/2022/01/15/1https://security.gentoo.org/glsa/202208-32https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996593https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2021-1728.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook