CVE-2021-3968: Heap-based Buffer Overflow in vim/vim
First published: Fri Nov 19 2021(Updated: )
vim is vulnerable to Heap-based Buffer Overflow
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Vim | >=8.2.3430<8.2.3610 | |
| Fedora | =34 | |
| Fedora | =35 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2022/01/15/1
- https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69
- https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/
- https://security.gentoo.org/glsa/202208-32
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/
Frequently Asked Questions
What is the severity of CVE-2021-3968?
CVE-2021-3968 is classified as a high-severity vulnerability due to its potential for exploitation through heap-based buffer overflow.
How do I fix CVE-2021-3968?
To fix CVE-2021-3968, update Vim to version 8.2.3611 or later, which addresses the buffer overflow vulnerability.
Which versions of Vim are affected by CVE-2021-3968?
CVE-2021-3968 affects Vim versions from 8.2.3430 to 8.2.3610 inclusive.
What can attackers do with CVE-2021-3968?
Attackers can exploit CVE-2021-3968 to execute arbitrary code on the vulnerable system, posing significant security risks.
Is CVE-2021-3968 specific to certain operating systems?
Yes, CVE-2021-3968 specifically affects Fedora 34 and 35 as well as various versions of Vim across multiple platforms.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/vim
- canonical/suse vim
- version/suse vim/8.2.3430
- vendor/fedoraproject
- canonical/fedora
- version/fedora/34
- version/fedora/35