2004621 – (CVE-2021-3778) CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c

Bug 2004621 (CVE-2021-3778) - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c

Summary: CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-3778
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2007112 2004622 2004890 2004891 2004892 2004893 2004895 2004896 2004897 2004898 2007111 2007113 2007114
Blocks:	2004623
TreeView+	depends on / blocked

Reported:	2021-09-15 16:57 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-09-26 18:23 UTC (History)
CC List:	17 users (show)
Fixed In Version:	vim 8.2.3409
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed:	2021-12-08 10:04:51 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:4517	0	None	None	None	2021-11-09 19:04:17 UTC

Description Guilherme de Almeida Suckevicz 2021-09-15 16:57:37 UTC

vim is vulnerable to Heap-based Buffer Overflow.

Reference:
https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273

Upstream patch:
https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f

Comment 25 errata-xmlrpc 2021-11-09 19:04:15 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4517 https://access.redhat.com/errata/RHSA-2021:4517

Comment 26 Product Security DevOps Team 2021-12-08 10:04:49 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3778

Note You need to log in before you can comment on or make changes to this bug.