CVE-2021-3796

nvd nist

Published: Sep 15, 2021Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H

Exploitability: 1.8 / Impact: 5.5

Source: NVD

Description

vim is vulnerable to Use After Free

Affected (6)

Products: Vim: Vim · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Vim: Vim · Fedoraproject: Fedora · Debian: Debian Linux · Netapp: Ontap Select Deploy Administration Utility

1 product

1 product

1 product

1 product

Ontap Select Deploy Administration Utility

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vim Vim	Before 8.2.3428

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Ontap Select Deploy Administration Utility	All versions

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (18)

http://www.openwall.com/lists/oss-security/2021/10/01/1

Source: security@huntr.dev

Mailing ListThird Party Advisory

https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3

Source: security@huntr.dev

PatchThird Party Advisory

https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d

Source: security@huntr.dev

ExploitIssue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html

Source: security@huntr.dev

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/

Source: security@huntr.dev

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/

Source: security@huntr.dev

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/

Source: security@huntr.dev

https://security.gentoo.org/glsa/202208-32

Source: security@huntr.dev

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221118-0004/

Source: security@huntr.dev

Third Party Advisory

http://www.openwall.com/lists/oss-security/2021/10/01/1