Vulnerability CVE-2021-4019: Information

Description

vim is vulnerable to Heap-based Buffer Overflow

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-4019

Published: Dec. 1, 2021

Modified: Nov. 7, 2023

Error type identifier: CWE-122

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
vim	sisyphus	8.2.4141-alt1	9.1.0050-alt3	ALT-PU-2022-1087-1	293750	Fixed
vim	sisyphus_e2k	8.2.4146-alt1	9.1.0050-alt3	ALT-PU-2022-3731-1	-	Fixed
vim	sisyphus_riscv64	8.2.4146-alt1	9.1.0050-alt3	ALT-PU-2022-3725-1	-	Fixed
vim	p10	8.2.4784-alt1	9.1.0050-alt3	ALT-PU-2022-1731-1	298398	Fixed
vim	p10_e2k	8.2.4784-alt1	9.1.0050-alt3	ALT-PU-2022-4676-1	-	Fixed
vim	p9	8.2.4784-alt1	9.0.0827-alt1	ALT-PU-2022-1771-1	298486	Fixed
vim	p9_e2k	8.2.5019-alt1	9.0.0827-alt1	ALT-PU-2022-5186-1	-	Fixed
vim	c10f1	8.2.4784-alt1	9.1.0050-alt2	ALT-PU-2022-1731-1	298398	Fixed
vim	c9f2	8.2.4747-alt1	9.1.0050-alt2	ALT-PU-2022-1711-1	298484	Fixed
vim	p11	8.2.4141-alt1	9.1.0050-alt3	ALT-PU-2022-1087-1	293750	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142	Patch Third Party Advisory
https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92	Exploit Third Party Advisory
[oss-security] 20220114 Re: 3 new CVE's in vim	Mailing List Third Party Advisory
[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update	Mailing List Third Party Advisory
GLSA-202208-32	Third Party Advisory
[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update	Mailing List Third Party Advisory
FEDORA-2021-469afb66c9
FEDORA-2021-b0ac29efb1

Affected configurations:
1. Configuration 1
  cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
  End excliding
  8.2.3669
  
  Configuration 2
  cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla

Version: v24.5.3