Vim Use After Free (CVE-2021-3796)
Vulnerability details
A vulnerability in vim can lead to a use after free and impact confidentiality, availability and integrity.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
12/08/2021 |
Initial release |
Stormshield Network Security |
CVSS v3.1 Overall Score: 5.7 
|
Analysis
|
Impacted version
|
If an administrator opens a malicious crafted file with vim, this can generate a use after free on vim and depending on the crafted file, this can lead to modify memory, crash vim or execute RCE attack.
|
- SNS 3.0.0 to 3.7.22
- SNS 3.8.0 to 3.11.10
- SNS 4.0.0 to 4.2.6
|
Workaround solution
|
Solution
|
There is no workaround solution.
|
The vulnerability is fixed in versions:
|
Attack Vector |
Attack Complexity |
Privileges Required |
User Interaction |
Scope |
Confidentiality Impact |
Integrity Impact |
Availability impact |
Local |
High |
High |
Required |
Unchanged |
High |
High |
High |
Exploit Code Maturity |
Remediation Level |
Report Confidence |
Proof of concept code |
Official fix |
Confirmed |
Confidentiality Requirement |
Integrity Requirement |
Availability Requirement |
High |
High |
High |