PT-2021-7387 · Vim+6 · Vim+6

Brammool

Published

2021-10-29

Updated

2022-12-27

CVE-2021-3928

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Vim (affected versions not specified)

Description The issue is related to the spell iswordp() function in the spell.c component of the Vim text editor, which lacks a check for an empty preword. This allows an attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is also described as a use of an uninitialized variable and a stack-based buffer overflow.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-457CWE-908

Related Identifiers

ALT-PU-2022-1087

ALT-PU-2022-1711

ALT-PU-2022-1731

ALT-PU-2022-1771

BDU:2022-05921

CVE-2021-3928

DLA-2947-1

DLA-3182-1

MGASA-2021-0535

OESA-2021-1436

OPENSUSE-SU-2022:0736-1

OPENSUSE-SU-2022_0736-1

OPENSUSE-SU-2022_2102-1

OPENSUSE-SU-2022_4282-1

SUSE-SU-2022:0736-1

SUSE-SU-2022:0736-2

SUSE-SU-2022:2102-1

SUSE-SU-2022:4282-1

SUSE-SU-2022:4619-1

SUSE-SU-2022_4282-1

USN-5147-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Suse

Ubuntu

Vim

PT-2021-7387 · Vim+6 · Vim+6

CVE-2021-3928

Weakness Enumeration

Related Identifiers

Affected Products

References · 264