CVE-2021-4173

Name

CVE-2021-4173

Description

vim is vulnerable to Use After Free

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
CONFIRM	https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766
MISC	https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/
Mailing List	http://www.openwall.com/lists/oss-security/2022/01/15/1
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/
Release Notes	https://support.apple.com/kb/HT213183
Mailing List	http://seclists.org/fulldisclosure/2022/Mar/29
CONFIRM	https://support.apple.com/kb/HT213256
FULLDISC	http://seclists.org/fulldisclosure/2022/May/35
Mailing List	http://seclists.org/fulldisclosure/2022/Jul/14
security@huntr.dev	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/
security@huntr.dev	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/
Third Party Advisory	https://security.gentoo.org/glsa/202208-32
Third Party Advisory	https://support.apple.com/kb/HT213343
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:vim:vim::::::::`	vim	>= None	< 8.2.3902

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
vim	edge-main	8.2.4173-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
vim	edge-main	8.2.3779-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.3650-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.3567-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.3500-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.3437-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.1.1365-r0	None	possibly vulnerable
vim	edge-main	8.0.1521-r0	None	possibly vulnerable
vim	edge-main	8.0.0329-r0	None	possibly vulnerable
vim	edge-main	8.0.0056-r0	None	possibly vulnerable
vim	3.22-main	8.2.4173-r0	None	fixed
vim	3.22-main	8.2.3779-r0	None	possibly vulnerable
vim	3.22-main	8.2.3650-r0	None	possibly vulnerable
vim	3.22-main	8.2.3567-r0	None	possibly vulnerable
vim	3.22-main	8.2.3500-r0	None	possibly vulnerable
vim	3.22-main	8.2.3437-r0	None	possibly vulnerable
vim	3.22-main	8.1.1365-r0	None	possibly vulnerable
vim	3.22-main	8.0.1521-r0	None	possibly vulnerable
vim	3.22-main	8.0.0329-r0	None	possibly vulnerable
vim	3.22-main	8.0.0056-r0	None	possibly vulnerable
vim	3.21-main	8.2.4173-r0	None	fixed
vim	3.21-main	8.2.3779-r0	None	possibly vulnerable
vim	3.21-main	8.2.3650-r0	None	possibly vulnerable
vim	3.21-main	8.2.3567-r0	None	possibly vulnerable
vim	3.21-main	8.2.3500-r0	None	possibly vulnerable
vim	3.21-main	8.2.3437-r0	None	possibly vulnerable
vim	3.21-main	8.1.1365-r0	None	possibly vulnerable
vim	3.21-main	8.0.1521-r0	None	possibly vulnerable
vim	3.21-main	8.0.0329-r0	None	possibly vulnerable
vim	3.21-main	8.0.0056-r0	None	possibly vulnerable
vim	3.20-main	8.2.4173-r0	None	fixed
vim	3.20-main	8.2.3779-r0	None	possibly vulnerable
vim	3.20-main	8.2.3650-r0	None	possibly vulnerable
vim	3.20-main	8.2.3567-r0	None	possibly vulnerable
vim	3.20-main	8.2.3500-r0	None	possibly vulnerable
vim	3.20-main	8.2.3437-r0	None	possibly vulnerable
vim	3.20-main	8.1.1365-r0	None	possibly vulnerable
vim	3.20-main	8.0.1521-r0	None	possibly vulnerable
vim	3.20-main	8.0.0329-r0	None	possibly vulnerable
vim	3.20-main	8.0.0056-r0	None	possibly vulnerable
vim	3.19-main	8.2.4173-r0	None	fixed
vim	3.19-main	8.2.3779-r0	None	possibly vulnerable
vim	3.19-main	8.2.3650-r0	None	possibly vulnerable
vim	3.19-main	8.2.3567-r0	None	possibly vulnerable
vim	3.19-main	8.2.3500-r0	None	possibly vulnerable
vim	3.19-main	8.2.3437-r0	None	possibly vulnerable
vim	3.19-main	8.1.1365-r0	None	possibly vulnerable
vim	3.19-main	8.0.1521-r0	None	possibly vulnerable
vim	3.19-main	8.0.0329-r0	None	possibly vulnerable
vim	3.19-main	8.0.0056-r0	None	possibly vulnerable
vim	3.18-main	8.2.4173-r0	None	fixed
vim	3.17-main	8.2.4173-r0	None	fixed
vim	3.12-main	8.2.4173-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
vim	3.12-main	8.2.3437-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable