Bug 818562 (CVE-2021-3875) - <app-editors/vim-8.2.3567: heap overflow (CVE-2021-3875)
Summary: <app-editors/vim-8.2.3567: heap overflow (CVE-2021-3875)
Status: RESOLVED FIXED
Alias: CVE-2021-3875
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://huntr.dev/bounties/5cdbc168-6...
Whiteboard: B3 [glsa+]
Keywords:
Depends on: CVE-2021-3770, CVE-2021-3778, CVE-2021-3796 820698
Blocks:
Reported: 2021-10-17 03:07 UTC by John Helmert III
Modified: 2022-08-21 02:15 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-17 03:07:58 UTC
CVE-2021-3875:

vim is vulnerable to Heap-based Buffer Overflow

Patch: https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f
Comment 1 Larry the Git Cow gentoo-dev 2021-10-29 13:02:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=232132d46b2087addb8f44c79eaf2561cce1927d

commit 232132d46b2087addb8f44c79eaf2561cce1927d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-29 12:59:16 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-29 13:02:39 +0000

    app-editors/gvim: add 8.2.3567
    
    Bug: https://bugs.gentoo.org/820692
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/818562
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-8.2.3567.ebuild | 383 ++++++++++++++++++++++++++++++++++
 app-editors/gvim/gvim-9999.ebuild     |  17 +-
 3 files changed, 394 insertions(+), 7 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b32eb9c94042b14c041905bf8d4bc4d9a82a22c

commit 9b32eb9c94042b14c041905bf8d4bc4d9a82a22c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-29 12:56:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-29 13:02:38 +0000

    app-editors/vim-core: add 8.2.3567
    
    Bug: https://bugs.gentoo.org/820692
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/818562
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-8.2.3567.ebuild | 227 ++++++++++++++++++++++++++
 app-editors/vim-core/vim-core-9999.ebuild     |  12 +-
 3 files changed, 234 insertions(+), 6 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d89e304ab79ba5080d76cfc2e5013f1f4534c315

commit d89e304ab79ba5080d76cfc2e5013f1f4534c315
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-29 12:51:39 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-29 13:02:36 +0000

    app-editors/vim: add 8.2.3567
    
    Bug: https://bugs.gentoo.org/820692
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/818562
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-8.2.3567.ebuild | 347 ++++++++++++++++++++++++++++++++++++
 app-editors/vim/vim-9999.ebuild     |  32 ++--
 3 files changed, 365 insertions(+), 15 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 05:31:53 UTC
GLSA request filed
Comment 3 Larry the Git Cow gentoo-dev 2022-08-21 02:09:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2cee523fe648754bae0e4ed2a531da672ac5fa15

commit 2cee523fe648754bae0e4ed2a531da672ac5fa15
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 01:33:31 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-21 01:40:46 +0000

    [ GLSA 202208-32 ] Vim, gVim: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/811870
    Bug: https://bugs.gentoo.org/818562
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/823473
    Bug: https://bugs.gentoo.org/824930
    Bug: https://bugs.gentoo.org/828583
    Bug: https://bugs.gentoo.org/829658
    Bug: https://bugs.gentoo.org/830106
    Bug: https://bugs.gentoo.org/830994
    Bug: https://bugs.gentoo.org/833572
    Bug: https://bugs.gentoo.org/836432
    Bug: https://bugs.gentoo.org/851231
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-32.xml | 168 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 168 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-21 02:15:56 UTC
GLSA released, all done!