VYPR
Unrated severity · NVD Advisory · Published Nov 19, 2021 · Updated Aug 3, 2024

Heap-based Buffer Overflow in vim/vim

CVE-2021-3973

Description

A heap-based buffer overflow in vim before 8.2.3581 could allow attackers to cause a crash or potentially execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2021-3973 is a heap-based buffer overflow vulnerability in vim, the widely used text editor. The bug resides in the memory handling routines of vim versions prior to 8.2.3581, occurring when processing specially crafted input. The exact code path is triggered during normal file editing, making it reachable without special configuration beyond opening a malicious file [1][4].

Exploitation

To exploit this vulnerability, an attacker must convince a victim to open a specially crafted file with an affected version of vim. No additional authentication or network access is required; the attack vector is local, relying on user interaction. The attacker would craft a file that, when parsed by vim's heap memory operations, overflows the allocated buffer. No race condition or privileged position is needed, simply the act of opening the file [1].

Impact

Successful exploitation of this heap-based buffer overflow can lead to a crash of the vim process (denial of service) or, in more severe scenarios, arbitrary code execution in the context of the vim process. The impact scope is the local system where vim runs, and the attacker could potentially gain the same privileges as the user running vim [1][4].

Mitigation

The vulnerability is fixed in vim version 8.2.3581, released on September 30, 2021. Users should upgrade to vim 8.2.3581 or later. As a workaround, users can avoid opening untrusted files with vulnerable versions. Gentoo has provided a GLSA (202208-32) recommending upgrade to >=9.0.0060 [4]. No other workaround is known [1][4].
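
A version check against the fix level named above, as an added example (not code from the advisory or the vim project). It assumes the usual `vim --version` banner and `Included patches:` lines; the function name and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `vim --version` output against the fixed release
# named in the advisory (8.2.3581). Reads the version text on stdin and
# prints one of: fixed, vulnerable, unknown.
FIXED_MAJOR=8
FIXED_MINOR=2
FIXED_PATCH=3581

vim_cve_2021_3973_status() {
    awk -v fmaj="$FIXED_MAJOR" -v fmin="$FIXED_MINOR" -v fpatch="$FIXED_PATCH" '
        # Banner line, e.g. "VIM - Vi IMproved 8.2 (2019 Dec 12, compiled ...)"
        /^VIM - Vi IMproved [0-9]+\.[0-9]+/ {
            split($5, v, "[.]")
            maj = v[1] + 0; min = v[2] + 0; seen = 1
        }
        # Patch line, e.g. "Included patches: 1-3580" or "1-16, 18-3580".
        # The highest number on the line is taken as the patch level.
        /^Included patches:/ {
            line = $0
            sub(/^Included patches:/, "", line)
            n = split(line, parts, /[^0-9]+/)
            for (i = 1; i <= n; i++)
                if (parts[i] != "" && parts[i] + 0 > patch) patch = parts[i] + 0
        }
        END {
            # No banner found: do not guess.
            if (!seen) { print "unknown"; exit }
            # Any release line after 8.2 already contains the fix.
            if (maj > fmaj || (maj == fmaj && min > fmin)) { print "fixed"; exit }
            if (maj == fmaj && min == fmin && patch >= fpatch) { print "fixed"; exit }
            print "vulnerable"
        }'
}

# Constructed sample (not captured from a real host).
SAMPLE_OLD='VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Oct 01 2021 01:51:08)
Included patches: 1-16, 18-3580'
printf '%s\n' "$SAMPLE_OLD" | vim_cve_2021_3973_status

# On a real host: vim --version | vim_cve_2021_3973_status
```

Distribution packages can carry a backported fix without raising the upstream patch level, so a "vulnerable" result on a packaged build should be confirmed against the distribution's own advisory.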

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

37

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

7
