{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-3927", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "dateUpdated": "2024-08-03T17:09:09.701Z", "dateReserved": "2021-11-04T00:00:00.000Z", "datePublished": "2021-11-05T00:00:00.000Z"}, "containers": {"cna": {"title": "Heap-based Buffer Overflow in vim/vim", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2022-11-08T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "vim is vulnerable to Heap-based Buffer Overflow"}], "affected": [{"vendor": "vim", "product": "vim/vim", "versions": [{"version": "unspecified", "lessThan": "8.2.3581", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0"}, {"url": "https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e"}, {"name": "FEDORA-2021-58ab85548d", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/"}, {"name": "FEDORA-2021-cfadac570a", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/"}, {"name": "FEDORA-2021-b0ac29efb1", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"}, {"name": "[oss-security] 20220114 Re: 3 new CVE's in vim", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"}, {"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"}, {"name": "GLSA-202208-32", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202208-32"}, {"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-122 Heap-based Buffer Overflow", "cweId": "CWE-122"}]}], "source": {"advisory": "9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:09:09.701Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0", "tags": ["x_transferred"]}, {"url": "https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e", "tags": ["x_transferred"]}, {"name": "FEDORA-2021-58ab85548d", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/"}, {"name": "FEDORA-2021-cfadac570a", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/"}, {"name": "FEDORA-2021-b0ac29efb1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"}, {"name": "[oss-security] 20220114 Re: 3 new CVE's in vim", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"}, {"name": "[debian-lts-announce] 20220311 [SECURITY] [DLA 2947-1] vim security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"}, {"name": "GLSA-202208-32", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-32"}, {"name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "69450BAC-B528-42AF-A59C-BF29072CE58A", "versionEndExcluding": "8.2.3581", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "vim is vulnerable to Heap-based Buffer Overflow"}, {"lang": "es", "value": "vim es vulnerable a un Desbordamiento del B\u00fafer en la regi\u00f3n Heap de la memoria"}], "id": "CVE-2021-3927", "lastModified": "2024-11-21T06:22:47.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-05T15:15:08.017", "references": [{"source": "security@huntr.dev", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"}, {"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0"}, {"source": "security@huntr.dev", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"}, {"source": "security@huntr.dev", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"}, {"source": "security@huntr.dev", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/"}, {"source": "security@huntr.dev", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"}, {"source": "security@huntr.dev", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/"}, {"source": "security@huntr.dev", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PGW56Z6IN4UVM3E5RXXF4G7LGGTRBI5C/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-32"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"bugzilla": {"description": "vim: heap-based buffer overflow in gchar_cursor() in misc1.c", "id": "2021290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021290"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["vim is vulnerable to Heap-based Buffer Overflow", "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "mitigation": {"lang": "en:us", "value": "Do not run untrusted vim scripts with -s {scriptin} as it is never safe to do so."}, "name": "CVE-2021-3927", "package_state": [{"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/openshift-hive-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-10-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3927\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3927"], "statement": "This vulnerability can only be exloited if the victim opens a specifically crafter file that will cause the heap to overflow. Considering the mitigations like ASLR available in the Linux kernel and the user interaction required, RH ProdSec has set the Impact of this vulnerability to \"Low\"", "threat_severity": "Low"}

{}