Fix of CVE: CVE-2021-3778, CVE-2021-3796

🗓️ 11 Oct 2021 15:13:49Reported by CloudLinuxType

cloudlinux

cloudlinux🔗 repo.cloudlinux.com👁 86 Views

Fix of two CVEs related to crafted input causing vulnerabilitie

Reporter	Title	Published	Views	Family All 178
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	8 Jun 202321:56	–	ibm
Huntr	None in vim/vim	11 Sep 202111:45	–	huntr
Huntr	Heap-based Buffer Overflow in vim/vim	7 Sep 202113:40	–	huntr
Tenable Nessus	Amazon Linux 2022 : vim (ALAS2022-2021-001)	11 Dec 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : vim (ALAS-2021-1728)	10 Dec 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : vim (ALAS-2022-1567)	19 Feb 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0031: vim (ALINUX3-SA-2022:0031)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : vim (ALSA-2021:4517)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : vim (CESA-2021:4517)	11 Nov 202100:00	–	nessus
Tenable Nessus	Debian DLA-2876-1 : vim - LTS security update	10 Jan 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Centos	6	x86_64	vim-x11	7.4.629	vim-7.4.629-6.el6.cloudlinux.els.src.rpm
Centos	6	x86_64	vim-minimal	7.4.629	vim-7.4.629-6.el6.cloudlinux.els.src.rpm
Centos	6	x86_64	vim-filesystem	7.4.629	vim-7.4.629-6.el6.cloudlinux.els.src.rpm
Centos	6	x86_64	vim-common	7.4.629	vim-7.4.629-6.el6.cloudlinux.els.src.rpm
Centos	6	x86_64	vim-enhanced	7.4.629	vim-7.4.629-6.el6.cloudlinux.els.src.rpm

Source	Link
errata	www.errata.cloudlinux.com/els6/CLSA-2021-1633965229.html

11 Oct 2021 15:13Current

3.5Low risk

Vulners AI Score3.5

EPSS0.00385

crafted input buffer overflow use-after-free unix