CVE-2021-4166
Published: 25 December 2021
vim is vulnerable to Out-of-bounds Read
Priority
Medium
CVSS 3 base score: 7.1
Notes
| Author | Note |
|---|---|
| ccdm94 | code in bionic and earlier does not include file src/arglist.c, which is the patched file. However, the patched code, as seen in commit 4ad62155a10, seems to be instead present in src/buffer.c for the previously mentioned group of releases. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4166
- https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
- https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (v8.2.3884)
- https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682
- NVD
- Launchpad
- Debian