Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Mageia: 2021-0481 Critical: Vim Heap Overflow Mitigation

mageia
Calendar Grey October 20, 2021
Dist Mageia Esm H88
Mageia 2021-0482 resolves a significant buffer overflow in nano via an urgent security patch. Discover additional information.
CVE-2021-3778: vim: Heap-based Buffer Overflow in utf_ptr2char() Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character When vim 8.2 is built with --with-feat...

Summary

CVE-2021-3778: vim: Heap-based Buffer Overflow in utf_ptr2char() Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a heap-buffer overflow occurs when running: echo "Ywp2XTCqCi4KeQpAMA==" | base64 -d > fuzz000.txt vim -u NONE -X -Z -e -s -S fuzz000.txt -c :qa!
CVE-2021-3796: vim: Use After Free in nv_replace() Fix: patch 8.2.3428: using freed memory when replacing When vim 8.2 is built with --with-features=huge --enable-gui=none and address sanitizer, a use-after-free occurs when running: LC_ALL=C vim -U NONE -X -Z -e -s -S poc -c :qa! with the poc file provided.

References

- https://bugs.mageia.org/show_bug.cgi?id=29501

- https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f

- https://huntr.com/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273

- https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3

- https://huntr.com/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d

- https://ubuntu.com/security/notices/USN-5093-1

- https://www.openwall.com/lists/oss-security/2021/10/01/1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/

- https://www.cve.org/CVERecord?id=CVE-2021-3778

- https://www.cve.org/CVERecord?id=CVE-2021-3796

Topics%20covered

Topics Covered

security advisory critical security patch heap overflow vim Mageia

Resolution

SRPMS

- 8/core/vim-8.2.2143-3.2.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 20 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0481.html
Type: security
CVE: CVE-2021-3778, CVE-2021-3796

Topics%20covered

Topics Covered

security advisory critical security patch heap overflow vim Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here