Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 819528 (CVE-2021-3872) - <app-editors/vim-8.2.3567: heap buffer overflow (CVE-2021-3872)
Summary: <app-editors/vim-8.2.3567: heap buffer overflow (CVE-2021-3872)
Status: IN_PROGRESS
Alias: CVE-2021-3872
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/vim/vim/commit/826...
Whiteboard: B3 [glsa? cleanup]
Keywords:
Depends on: CVE-2021-3770, CVE-2021-3778, CVE-2021-3796 820698
Blocks:
  Show dependency tree
 
Reported: 2021-10-22 21:40 UTC by John Helmert III
Modified: 2021-12-04 23:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-10-22 21:40:34 UTC
CVE-2021-3872:

vim is vulnerable to Heap-based Buffer Overflow

... "if buffer name is very long" according to URL. Is this ever untrusted?

Fix is in 8.2.3487 onward.
Comment 1 Larry the Git Cow gentoo-dev 2021-10-29 13:02:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=232132d46b2087addb8f44c79eaf2561cce1927d

commit 232132d46b2087addb8f44c79eaf2561cce1927d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-29 12:59:16 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-29 13:02:39 +0000

    app-editors/gvim: add 8.2.3567
    
    Bug: https://bugs.gentoo.org/820692
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/818562
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-8.2.3567.ebuild | 383 ++++++++++++++++++++++++++++++++++
 app-editors/gvim/gvim-9999.ebuild     |  17 +-
 3 files changed, 394 insertions(+), 7 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b32eb9c94042b14c041905bf8d4bc4d9a82a22c

commit 9b32eb9c94042b14c041905bf8d4bc4d9a82a22c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-29 12:56:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-29 13:02:38 +0000

    app-editors/vim-core: add 8.2.3567
    
    Bug: https://bugs.gentoo.org/820692
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/818562
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-8.2.3567.ebuild | 227 ++++++++++++++++++++++++++
 app-editors/vim-core/vim-core-9999.ebuild     |  12 +-
 3 files changed, 234 insertions(+), 6 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d89e304ab79ba5080d76cfc2e5013f1f4534c315

commit d89e304ab79ba5080d76cfc2e5013f1f4534c315
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-29 12:51:39 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-29 13:02:36 +0000

    app-editors/vim: add 8.2.3567
    
    Bug: https://bugs.gentoo.org/820692
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/818562
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-8.2.3567.ebuild | 347 ++++++++++++++++++++++++++++++++++++
 app-editors/vim/vim-9999.ebuild     |  32 ++--
 3 files changed, 365 insertions(+), 15 deletions(-)