CVE-2021-3968
Heap-based Buffer Overflow in vim/vim
In short
A flaw in Vim allows attackers to write data beyond the intended memory boundaries, potentially causing the application to crash or execute malicious code. This happens due to improper memory management when handling certain input.
Technical detail
Heap-based buffer overflow in Vim triggered through malformed input that bypasses boundary checks on heap-allocated memory. Requires user interaction (opening a crafted file), leading to memory corruption, denial of service, or arbitrary code execution depending on exploitation constraints.
Summary generated and translated by AI from the official description.
vim is vulnerable to Heap-based Buffer Overflow
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected products
vim · vim/vimWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/https://security.gentoo.org/glsa/202208-32http://www.openwall.com/lists/oss-security/2022/01/15/1