Lucene search

K
mageiaGentoo FoundationMGASA-2021-0481
HistoryOct 21, 2021 - 12:28 a.m.

Updated vim packages fix security vulnerability

2021-10-2100:28:32
Gentoo Foundation
advisories.mageia.org
37
vim
security vulnerability
heap-based buffer overflow
use after free
patch
address sanitizer
unix

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.6%

CVE-2021-3778: vim: Heap-based Buffer Overflow in utf_ptr2char() Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a heap-buffer overflow occurs when running: echo “Ywp2XTCqCi4KeQpAMA==” | base64 -d > fuzz000.txt vim -u NONE -X -Z -e -s -S fuzz000.txt -c :qa! CVE-2021-3796: vim: Use After Free in nv_replace() Fix: patch 8.2.3428: using freed memory when replacing When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a use-after-free occurs when running: LC_ALL=C vim -U NONE -X -Z -e -s -S poc -c :qa! with the poc file provided.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchvim< 8.2.2143-3.2vim-8.2.2143-3.2.mga8

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

41.6%