Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 830106 (CVE-2021-4173) - <app-editors/vim-8.2.4285: vulnerable to Use After Free (CVE-2021-4173)
Summary: <app-editors/vim-8.2.4285: vulnerable to Use After Free (CVE-2021-4173)
Status: RESOLVED FIXED
Alias: CVE-2021-4173
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://huntr.dev/bounties/a1b236b9-8...
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 834460
Blocks:
  Show dependency tree
 
Reported: 2021-12-27 16:51 UTC by filip ambroz
Modified: 2022-08-21 02:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description filip ambroz 2021-12-27 16:51:11 UTC 
Use after free's / double free's can cause in memory corruption, that can cause a crash or other undefined (potentially exploitable) behaviour.

Reproducible: Always




CVE-2021-4173

vim is vulnerable to Use After Free 

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-4173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4173

Fixed in patch 8.2.3902.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-27 17:47:11 UTC 
Thanks!
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 05:31:59 UTC 
GLSA request filed
Comment 3 Larry the Git Cow gentoo-dev 2022-08-21 02:09:30 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2cee523fe648754bae0e4ed2a531da672ac5fa15

commit 2cee523fe648754bae0e4ed2a531da672ac5fa15
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 01:33:31 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-21 01:40:46 +0000

    [ GLSA 202208-32 ] Vim, gVim: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/811870
    Bug: https://bugs.gentoo.org/818562
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/823473
    Bug: https://bugs.gentoo.org/824930
    Bug: https://bugs.gentoo.org/828583
    Bug: https://bugs.gentoo.org/829658
    Bug: https://bugs.gentoo.org/830106
    Bug: https://bugs.gentoo.org/830994
    Bug: https://bugs.gentoo.org/833572
    Bug: https://bugs.gentoo.org/836432
    Bug: https://bugs.gentoo.org/851231
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-32.xml | 168 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 168 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-21 02:16:43 UTC 
GLSA released, all done!