CVE-2021-3778
Heap-based Buffer Overflow in vim/vim
Public Exploits: 1
Exploited in Wild: -
SSVC Decision: -
Descriptions
vim is vulnerable to a heap-based buffer overflow.
A flaw was found in vim. A heap-based buffer overflow can be triggered by a specially crafted file: an attacker who gets a user to open such a file can crash vim or possibly achieve code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Brian Carpenter discovered that vim incorrectly handled memory when opening certain files. If a user was tricked into opening a specially crafted file, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. The Ubuntu advisory text appears twice on this page because the issue was covered by two advisories; the first notes that it only affected Ubuntu 20.04 LTS and Ubuntu 21.04, the second that various other issues were also addressed.
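The advisories above describe the consequence (a heap buffer overrun when a crafted file is opened) but not the mechanism. The program below is an added illustration of the bug class, written for this page; it is not vim's code, and the function names, the `PAD` constant and the sample inputs are constructed for the example. A multibyte decoder trusts the byte count promised by a UTF-8 lead byte and reads the continuation bytes unconditionally; when a line in a heap buffer ends with a truncated sequence, the decoder walks through the terminating NUL and into neighbouring heap memory. The hardened variant refuses to read a continuation byte that is NUL or not of the form `10xxxxxx`, so a truncated sequence consumes only its lead byte. The fixed vim release is 8.2.3409 (see the affected-versions table and the linked commit); whether vim's fix matches this decoder line for line is not stated on this page, so treat the checked decoder as the general shape of the defence rather than the patch itself.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of bytes a UTF-8 lead byte promises. Stray continuation bytes and
 * invalid leads are treated as a single byte so the caller always advances. */
static int lead_len(unsigned char c)
{
    if (c < 0x80)           return 1;
    if ((c & 0xe0) == 0xc0) return 2;
    if ((c & 0xf0) == 0xe0) return 3;
    if ((c & 0xf8) == 0xf0) return 4;
    return 1;
}

/* Vulnerable pattern: trust the lead byte and read the promised continuation
 * bytes unconditionally. If the sequence is cut short by the NUL that ends the
 * line, the loop reads through the terminator and past the allocation. */
int decode_trusting(const char *s, int *consumed)
{
    const unsigned char *p = (const unsigned char *)s;
    int len = lead_len(p[0]);
    int cp = (len == 1) ? p[0] : (p[0] & (0xff >> (len + 1)));
    for (int i = 1; i < len; i++)
        cp = (cp << 6) | (p[i] & 0x3f);
    *consumed = len;
    return cp;
}

/* Hardened form: every continuation byte must exist (non-NUL) and carry the
 * 10xxxxxx marker before it is read. A truncated or malformed sequence consumes
 * only the lead byte and is reported as -1, so the caller never steps past the
 * end of the line. */
int decode_checked(const char *s, int *consumed)
{
    const unsigned char *p = (const unsigned char *)s;
    int len = lead_len(p[0]);
    if (len == 1) { *consumed = 1; return p[0]; }
    int cp = p[0] & (0xff >> (len + 1));
    for (int i = 1; i < len; i++) {
        if (p[i] == '\0' || (p[i] & 0xc0) != 0x80) {
            *consumed = 1;
            return -1;
        }
        cp = (cp << 6) | (p[i] & 0x3f);
    }
    *consumed = len;
    return cp;
}

/* Models a NUL-terminated line held in a heap buffer and decodes the character
 * starting at `offset` with the trusting decoder. Returns how many bytes past
 * the end of the line (terminator included) that decode touched: 0 means it
 * stayed inside the allocation, anything larger is the heap over-read. The
 * buffer is deliberately over-allocated by PAD bytes (an assumption of this
 * demo) so the run is deterministic instead of actually corrupting the heap. */
#define PAD 8
int overread_at(const char *line, int offset)
{
    size_t n = strlen(line);
    char *buf = malloc(n + 1 + PAD);
    if (!buf) return -1;
    memcpy(buf, line, n + 1);            /* content plus terminator */
    memset(buf + n + 1, 0xaa, PAD);      /* stand-in for neighbouring heap data */
    int consumed = 0;
    decode_trusting(buf + offset, &consumed);
    free(buf);
    int past = offset + consumed - (int)(n + 1);
    return past > 0 ? past : 0;
}

int main(void)
{
    int used;
    /* Constructed inputs: a well-formed U+20AC, then a line that ends with a
     * lone 3-byte lead (0xE2), i.e. a sequence truncated exactly at end of line. */
    printf("well-formed: U+%04X, %d bytes\n", decode_trusting("\xe2\x82\xac", &used), used);
    printf("truncated, trusting decoder: %d byte(s) read beyond the line buffer\n",
           overread_at("ab\xe2", 2));
    printf("truncated, checked decoder: returns %d, consumes %d byte(s)\n",
           decode_checked("\xe2", &used), used);
    return 0;
}
```

Under a real allocator the bytes past the terminator belong to whatever heap chunk sits next to the line, which is why a sanitizer build reports this as a heap-buffer-overflow and why the outcome ranges from a crash to something exploitable depending on heap layout. To check whether an installed vim carries the fix, look at the "Included patches" line of `vim --version`: a 8.2 build whose patch range includes 3409 is outside the affected range listed below.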
SSVC Decision: -
Timeline
- 2021-09-07 CVE Reserved
- 2021-09-15 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-06-05 EPSS Updated
- Exploited in Wild: no date recorded
- KEV Due Date: not listed
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
References (11)
URL | Tag | Source
---|---|---
http://www.openwall.com/lists/oss-security/2021/10/01/1 | Mailing List |
https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html | Mailing List |
https://security.netapp.com/advisory/ntap-20221118-0003 | Third Party Advisory |

Exploit
URL | Date | SRC
---|---|---
https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273 | 2024-08-03 |

Patch
URL | Date | SRC
---|---|---
https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Vim | Vim | < 8.2.3409 | - | Affected
Fedoraproject | Fedora | 33 | - | Affected
Fedoraproject | Fedora | 34 | - | Affected
Fedoraproject | Fedora | 35 | - | Affected
Debian | Debian Linux | 9.0 | - | Affected
Netapp | Ontap Select Deploy Administration Utility | - | - | Affected