{"id":"CVE-2021-3968","details":"vim is vulnerable to Heap-based Buffer Overflow","modified":"2026-04-02T07:33:43.886921Z","published":"2021-11-19T12:15:09.183Z","related":["MGASA-2021-0535","SUSE-SU-2022:2102-1","SUSE-SU-2022:4619-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/01/15/1"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202208-32"},{"type":"FIX","url":"https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"},{"type":"FIX","url":"https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vim/vim","events":[{"introduced":"f1e8876fa2359b572d262772747405d3616db670"},{"fixed":"a062006b9de0b2947ab5fb376c6e67ef92a8cd69"}],"database_specific":{"versions":[{"introduced":"8.2.3430"},{"fixed":"8.2.3610"}]}}],"versions":["v8.2.3430","v8.2.3431","v8.2.3432","v8.2.3433","v8.2.3434","v8.2.3435","v8.2.3436","v8.2.3437","v8.2.3438","v8.2.3439","v8.2.3440","v8.2.3441","v8.2.3442","v8.2.3443","v8.2.3444","v8.2.3445","v8.2.3446","v8.2.3447","v8.2.3448","v8.2.3449","v8.2.3450","v8.2.3451","v8.2.3452","v8.2.3453","v8.2.3454","v8.2.3455","v8.2.3456","v8.2.3457","v8.2.3458","v8.2.3459","v8.2.3460","v8.2.3461","v8.2.3462","v8.2.3463","v8.2.3464","v8.2.3465","v8.2.3466","v8.2.3467","v8.2.3468","v8.2.3469","v8.2.3470","v8.2.3471","v8.2.3472","v8.2.3473","v8.2.3474","v8.2.3475","v8.2.3476","v8.2.3477","v8.2.3478","v8.2.3479","v8.2.3480","v8.2.3481","v8.2.3482","v8.2.3483","v8.2.3484","v8.2.3485","v8.2.3486","v8.2.3487","v8.2.3488","v8.2.3489","v8.2.3490","v8.2.3491","v8.2.3492","v8.2.3493","v8.2.3494","v8.2.3495","v8.2.3496","v8.2.3497","v8.2.3498","v8.2.3499","v8.2.3500","v8.2.3501","v8.2.3502","v8.2.3503","v8.2.3504","v8.2.3505","v8.2.3506","v8.2.3507","v8.2.3508","v8.2.3509","v8.2.3510","v8.2.3511","v8.2.3512","v8.2.3513","v8.2.3514","v8.2.3515","v8.2.3516","v8.2.3517","v8.2.3518","v8.2.3519","v8.2.3520","v8.2.3521","v8.2.3522","v8.2.3523","v8.2.3524","v8.2.3525","v8.2.3526","v8.2.3527","v8.2.3528","v8.2.3529","v8.2.3530","v8.2.3531","v8.2.3532","v8.2.3533","v8.2.3534","v8.2.3535","v8.2.3536","v8.2.3537","v8.2.3538","v8.2.3539","v8.2.3540","v8.2.3541","v8.2.3542","v8.2.3543","v8.2.3544","v8.2.3545","v8.2.3546","v8.2.3547","v8.2.3548","v8.2.3549","v8.2.3550","v8.2.3551","v8.2.3552","v8.2.3553","v8.2.3554","v8.2.3555","v8.2.3556","v8.2.3557","v8.2.3558","v8.2.3559","v8.2.3560","v8.2.3561","v8.2.3562","v8.2.3563","v8.2.3564","v8.2.3565","v8.2.3566","v8.2.3567","v8.2.3568","v8.2.3569","v8.2.3570","v8.2.3571","v8.2.3572","v8.2.3573","v8.2.3574","v8.2.3575","v8.2.3576","v8.2.3577","v8.2.3578","v8.2.3579","v8.2.3580","v8.2.3581","v8.2.3582","v8.2.3583","v8.2.3584","v8.2.3585","v8.2.3586","v8.2.3587","v8.2.3588","v8.2.3589","v8.2.3590","v8.2.3591","v8.2.3592","v8.2.3593","v8.2.3594","v8.2.3595","v8.2.3596","v8.2.3597","v8.2.3598","v8.2.3599","v8.2.3600","v8.2.3601","v8.2.3602","v8.2.3603","v8.2.3604","v8.2.3605","v8.2.3606","v8.2.3607","v8.2.3608","v8.2.3609"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3968.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]}],"vanir_signatures":[{"id":"CVE-2021-3968-650db7de","digest":{"threshold":0.9,"line_hashes":["146200493773228420153804765641940418619","98519502523796768966903635678610383175","47331157051170592105221954330432142672","205047797260221704645004093104877364739"]},"signature_version":"v1","target":{"file":"src/version.c"},"signature_type":"Line","deprecated":false,"source":"https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"},{"id":"CVE-2021-3968-8dbcbbac","digest":{"threshold":0.9,"line_hashes":["45626131977096187401290691107140972095","106229336635017140624816973343478477394","7352135862961346482541386056063111385","69144108965290337078833135922510758320","322409648483037622684127794207024042908","292880595340456156280479321467725306127","8778114862460833416373016684305968715"]},"signature_version":"v1","target":{"file":"src/normal.c"},"signature_type":"Line","deprecated":false,"source":"https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"},{"id":"CVE-2021-3968-b912ad49","digest":{"length":756,"function_hash":"57417841470623047018768216016190771615"},"signature_version":"v1","target":{"function":"n_start_visual_mode","file":"src/normal.c"},"signature_type":"Function","deprecated":false,"source":"https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}