English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.10.2021.0481
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2021-0481)
Summary:The remote host is missing an update for the 'vim' package(s) announced via the MGASA-2021-0481 advisory.
Description:Summary:
The remote host is missing an update for the 'vim' package(s) announced via the MGASA-2021-0481 advisory.

Vulnerability Insight:
CVE-2021-3778: vim: Heap-based Buffer Overflow in utf_ptr2char()
Fix: patch 8.2.3409: reading beyond end of line with invalid utf-8 character
When vim 8.2 is built with --with-features=huge --enable-gui=none
and address sanitizer, a heap-buffer overflow occurs when running:
echo 'Ywp2XTCqCi4KeQpAMA==' base64 -d > fuzz000.txt
vim -u NONE -X -Z -e -s -S fuzz000.txt -c :qa!

CVE-2021-3796: vim: Use After Free in nv_replace()
Fix: patch 8.2.3428: using freed memory when replacing
When vim 8.2 is built with --with-features=huge --enable-gui=none
and address sanitizer, a use-after-free occurs when running:
LC_ALL=C vim -U NONE -X -Z -e -s -S poc -c :qa!
with the poc file provided.

Affected Software/OS:
'vim' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-3778
https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/
https://security.gentoo.org/glsa/202208-32
https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f
https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html
http://www.openwall.com/lists/oss-security/2021/10/01/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-3796
https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d
https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.