Bug 2039687 (CVE-2021-4193) - CVE-2021-4193 vim: out-of-bound read in getvcol()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-4193
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2039694 2039700 2039702 2039703 2043462
Blocks: 2039688
Reported: 2022-01-12 08:59 UTC by Cedric Buissart
Modified: 2022-05-17 09:51 UTC

Fixed In Version: vim 8.2.3950
Doc Text:
It was found that vim was vulnerable to an out-of-bounds read flaw in getvcol(). A specially crafted file, when opened in vim, could disclose some of the process's internal memory.
Clone Of:
Environment:
Last Closed: 2022-02-01 22:03:54 UTC
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2022:0366 | 0 | None | None | None | 2022-02-01 21:01:06 UTC

Description Cedric Buissart 2022-01-12 08:59:51 UTC
vim is vulnerable to Out-of-bounds Read

Upstream fix:
https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b

Comment 1 Cedric Buissart 2022-01-12 09:09:32 UTC
Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2039694]

Comment 5 errata-xmlrpc 2022-02-01 21:01:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0366 https://access.redhat.com/errata/RHSA-2022:0366

Comment 6 Product Security DevOps Team 2022-02-01 22:03:51 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-4193

