Candidate: CVE-2021-3875
PublicDate: 2021-10-15 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3875
 https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/
 https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f (v8.2.3489)
 https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53
 https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f
Description:
 vim is vulnerable to Heap-based Buffer Overflow
Ubuntu-Description:
Notes:
 sespiros> introduced by v8.2.3110:
 sespiros> https://github.com/vim/vim/commit/04db26b36000a4677b95403ec94bd11f6cc73975
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996593
Priority: medium
Discovered-by:
Assigned-to: sespiros
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_vim:
 upstream: https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f
upstream_vim: released (v8.2.3489)
trusty/esm_vim: not-affected (2:7.4.052-1ubuntu3.1+esm3)
esm-infra/xenial_vim: not-affected (2:7.4.1689-3ubuntu1.5+esm2)
trusty_vim: ignored (out of standard support)
xenial_vim: ignored (out of standard support)
bionic_vim: not-affected (2:8.0.1453-1ubuntu1.6)
focal_vim: not-affected (2:8.1.2269-1ubuntu5.3)
hirsute_vim: not-affected (2:8.2.2434-1ubuntu1.1)
impish_vim: not-affected (2:8.2.2434-3ubuntu3)
jammy_vim: released (2:8.2.3565-1ubuntu2)
devel_vim: released (2:8.2.3565-1ubuntu2)