Lucene search

K
osvGoogleOSV:ALSA-2021:4517
HistoryNov 09, 2021 - 1:22 p.m.

Moderate: vim security update

2021-11-0913:22:45
Google
osv.dev
11
vim
security fix
heap-based buffer overflow
use-after-free
cve-2021-3778
cve-2021-3796
cvss score
almalinux
release notes

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

41.6%

Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

  • vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c (CVE-2021-3778)

  • vim: use-after-free in nv_replace() in normal.c (CVE-2021-3796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.