CVE-2021-3778 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3778
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un desbordamiento del búfer en la región Heap de la memoria A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2021/10/01/1 https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273 https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4 https://lists.fedo • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2021-3796 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2021-3796
vim is vulnerable to Use After Free vim es vulnerable a un Uso de memoria Previamente Liberada A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2021/10/01/1 https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4 https://lists.fedo • CWE-416: Use After Free •
CVE-2020-19144
https://notcve.org/view.php?id=CVE-2020-19144
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'. Un desbordamiento del búfer en LibTiff versión v4.0.10, permite a atacantes causar una denegación de servicio por medio de la función "in _TIFFmemcpy" en el componente "tif_unix.c" • http://bugzilla.maptools.org/show_bug.cgi?id=2852 https://gitlab.com/libtiff/libtiff/-/issues/159 https://lists.debian.org/debian-lts-announce/2021/10/msg00004.html https://security.netapp.com/advisory/ntap-20211004-0005 • CWE-787: Out-of-bounds Write •
CVE-2021-3770 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3770
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un Desbordamiento del Búfer en la región Heap de la memoria. • http://www.openwall.com/lists/oss-security/2021/10/01/1 https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2021-37600
https://notcve.org/view.php?id=CVE-2021-37600
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. ** EN DISPUTA ** Un desbordamiento de enteros en util-linux hasta la versión 2.37.1 puede potencialmente causar un desbordamiento de búfer si un atacante fuera capaz de utilizar los recursos del sistema de una manera que lleve a un número grande en el archivo /proc/sysvipc/sem. NOTA: esto es inexplotable en entornos de GNU C Library, y posiblemente en todos los entornos realistas • https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c https://github.com/karelzak/util-linux/issues/1395 https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html https://security.gentoo.org/glsa/202401-08 https://security.netapp.com/advisory/ntap-20210902-0002 • CWE-190: Integer Overflow or Wraparound •