CVE-2021-4166

🗓️ 25 Dec 2021 18:15:09Reported by @huntrdevType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 241 Views

vim vulnerable to Out-of-bounds Read (CVE-2021-4166

Reporter	Title	Published	Views	Family All 120
Huntr	in vim/vim	23 Dec 202116:32	–	huntr
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues	8 Aug 202417:27	–	ibm
IBM Security Bulletins	Security Bulletin: EDB PGAI Databases is affected by Multiple Vulnerabilities.	7 Apr 202613:55	–	ibm
Tenable Nessus	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-014)	11 Dec 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-155)	20 Oct 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-098)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : vim, --advisory ALAS2-2022-1743 (ALAS-2022-1743)	14 Feb 202200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : vim (ALAS-2022-1557)	20 Jan 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : vim (EulerOS-SA-2022-1363)	28 Mar 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-1441)	18 Apr 202200:00	–	nessus

NVD

Node

vim vimRange<8.2.3884

Node

redhat enterprise_linuxMatch8.0

Node

opensuse factoryMatch-

suse linux_enterpriseMatch12.0

suse linux_enterpriseMatch15.0

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

fedoraproject fedoraMatch34

fedoraproject fedoraMatch35

Node

apple mac_os_xMatch10.15.7

apple mac_os_xMatch10.15.7security_update_2020-001

apple mac_os_xMatch10.15.7security_update_2021-001

apple mac_os_xMatch10.15.7security_update_2021-002

apple mac_os_xMatch10.15.7security_update_2021-003

apple mac_os_xMatch10.15.7security_update_2021-004

apple mac_os_xMatch10.15.7security_update_2021-005

apple mac_os_xMatch10.15.7security_update_2021-006

apple mac_os_xMatch10.15.7security_update_2021-007

apple mac_os_xMatch10.15.7security_update_2021-008

apple mac_os_xMatch10.15.7security_update_2022-001

apple mac_os_xMatch10.15.7security_update_2022-002

apple mac_os_xMatch10.15.7security_update_2022-003

apple macosRange<12.3

apple macosRange11.0–11.6.6

apple macosMatch10.15.7security_update_2022-004

[
  {
    "product": "vim/vim",
    "vendor": "vim",
    "versions": [
      {
        "lessThan": "8.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.gentoo.org/glsa/202208-32
support	www.support.apple.com/kb/HT213183
support	www.support.apple.com/kb/HT213256
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/
seclists	www.seclists.org/fulldisclosure/2022/Jul/14
openwall	www.openwall.com/lists/oss-security/2022/01/15/1
huntr	www.huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
seclists	www.seclists.org/fulldisclosure/2022/May/35
github	www.github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/

21 Nov 2024 06:37Current

8.1High risk

Vulners AI Score8.1

CVSS 25.8

CVSS 3.17.1

CVSS 37.1

EPSS0.00368

CWE-125