2025061 – (CVE-2021-3974) CVE-2021-3974 vim: Use after free in regexp_nfa.c

Bug 2025061 (CVE-2021-3974) - CVE-2021-3974 vim: Use after free in regexp_nfa.c

Summary: CVE-2021-3974 vim: Use after free in regexp_nfa.c

Keywords:
Status:	NEW
Alias:	CVE-2021-3974
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2025062 2025404 2025405
Blocks:	2025066
TreeView+	depends on / blocked

Reported:	2021-11-19 19:22 UTC by Pedro Sampaio
Modified:	2025-02-17 22:15 UTC (History)
CC List:	42 users (show)
Fixed In Version:	vim 8.2.3612
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2021-11-19 19:22:02 UTC

vim is vulnerable to Use After Free in regexp_nfa.c

https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6
https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4

Comment 1 Pedro Sampaio 2021-11-19 19:22:20 UTC

Created vim tracking bugs for this issue:

Affects: fedora-all [bug 2025062]

Note You need to log in before you can comment on or make changes to this bug.

adudiak
alcohan
aprice
bdettelb
caswilli
dfreiber
doconnor
drow
fjansen
gchamoul
gparvin
hkataria
jburrell
jdobes
jforrest
jkoehler
jmitchel
jsamir
jtanner
jwong
karsten
kaycoth
kholdawa
kshier
lcouzens
lphiri
mpierce
mskarbek
njean
orabin
owatkins
pahickey
psegedy
rblanco
rhaigner
stcannon
sthirugn
teagle
vkrizan
vkumar
vmugicag
zdohnal