CVE-2021-3968
published 2021-11-19CVE-2021-3968: Heap-based Buffer Overflow in vim/vim vim is vulnerable to Heap-based Buffer Overflow
high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
EPSS
2.08%
79.1th percentile
Heap-based Buffer Overflow in vim/vim
vim is vulnerable to Heap-based Buffer Overflow
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vim | < vim 2:8.2.3995-1 (bookworm) | vim 2:8.2.3995-1 (bookworm) |
| msrc | cbl2_vim_8.2.4081-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_vim_8.2.3668-1_on_cbl_mariner_1.0 | — | — |
| vim | vim_vim | >= unspecified < 8.2.3610 | 8.2.3610 |
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv3.08.0HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv2.08.5HIGHAV:N/AC:M/Au:S/C:C/I:C/A:C
cvelistv58.0HIGH
vendor_debian8.0LOW
vendor_msrc8.0HIGH
vendor_redhat8.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CVEList
Heap-based Buffer Overflow in vim/vim
cvelistv5·2021-11-19·CVSS 8.0
CVE-2021-3968 [HIGH] CWE-122 Heap-based Buffer Overflow in vim/vim
Heap-based Buffer Overflow in vim/vim
vim is vulnerable to Heap-based Buffer Overflow
Red Hat
kernel: HID: amd_sfh: Fix memory leak in amd_sfh_work
vendor_redhat·2024-03-15·CVSS 5.5
CVE-2021-47133 [MEDIUM] CWE-402 kernel: HID: amd_sfh: Fix memory leak in amd_sfh_work
kernel: HID: amd_sfh: Fix memory leak in amd_sfh_work
In the Linux kernel, the following vulnerability has been resolved:
HID: amd_sfh: Fix memory leak in amd_sfh_work
Kmemleak tool detected a memory leak in the amd_sfh driver.
unreferenced object 0xffff88810228ada0 (size 32):
comm "insmod", pid 3968, jiffies 4295056001 (age 775.792s)
hex dump (first 32 bytes):
00 20 73 1f 81 88 ff ff 00 01 00 00 00 00 ad de . s.............
22 01 00 00 00 00 ad de 01 00 02 00 00 00 00 00 "...............
backtrace:
[] kmem_cache_alloc_trace+0x163/0x4f0
[] amd_sfh_get_report+0xa4/0x1d0 [amd_sfh]
[] amdtp_hid_request+0x62/0x80 [amd_sfh]
[] sensor_hub_get_feature+0x145/0x270 [hid_sensor_hub]
[] hid_sensor_parse_common_attributes+0x215/0x460 [hid_sensor_iio_common]
[] hid_accel_3d_probe+0xff/0x4a0 [hid_senso
Red Hat
vim: Heap use-after-free in ml_append_int function
vendor_redhat·2021-11-19·CVSS 8.0
CVE-2021-3968 [HIGH] CWE-119 vim: Heap use-after-free in ml_append_int function
vim: Heap use-after-free in ml_append_int function
vim is vulnerable to Heap-based Buffer Overflow
A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.
Mitigation: Do not run untrusted vim scripts with -s {scriptin} as it is never safe to do so.
Package: rhacm2/openshift-hive-rhel8 (Red Hat Advanced Cluster Management for Kubernetes 2) - Not affected
Package: vim (Red Hat Enterprise Linux 6) - Not affected
Package: vim (Red Hat Enterprise Linux 7) - Not affected
Package: vim (Red Hat Enterprise Linux 8) - Not affected
Package: vim (Red Hat Enterprise Linux 9) - Fix deferred
Microsoft
Heap-based Buffer Overflow in vim/vim
vendor_msrc·2021-11-09·CVSS 8.0
CVE-2021-3968 [HIGH] CWE-122 Heap-based Buffer Overflow in vim/vim
Heap-based Buffer Overflow in vim/vim
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
@huntrdev: @huntrdev
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft
Debian
CVE-2021-3968: vim - vim is vulnerable to Heap-based Buffer Overflow
vendor_debian·2021·CVSS 8.0
CVE-2021-3968 [HIGH] CVE-2021-3968: vim - vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
Scope: local
bookworm: resolved (fixed in 2:8.2.3995-1)
bullseye: open
forky: resolved (fixed in 2:8.2.3995-1)
sid: resolved (fixed in 2:8.2.3995-1)
trixie: resolved (fixed in 2:8.2.3995-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-11-19
Published