CVE-2021-4019
Description
A heap-based buffer overflow in vim's help tag processing allows arbitrary code execution when opening a crafted help file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap-based buffer overflow in vim's help tag processing allows arbitrary code execution when opening a crafted help file.
Vulnerability
A heap-based buffer overflow exists in the find_help_tags function of vim (before patch 8.2.3669). When processing a long help argument, the unsafe use of STRCPY without bounds checking can overflow a heap buffer. This occurs in the code path that handles help tags with a leading % or _ character [1][2].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted help file or to execute the :help command with an overly long argument. No authentication is required, but user interaction is necessary. The attacker must provide a string longer than the allocated buffer (e.g., a help argument of 1021 characters as shown in the test case) [2].
Impact
Successful exploitation leads to a heap-based buffer overflow, which can corrupt adjacent memory. This may allow an attacker to execute arbitrary code with the privileges of the user running vim, or cause a denial of service via a crash. The impact is limited to the user's session and does not cross privilege boundaries unless vim is running with elevated privileges [1].
Mitigation
The vulnerability is fixed in vim version 8.2.3669, released on 2021-09-30 (commit bd228fd097b41a798f90944b5d1245eddd484142) [2]. Users should update to this or a later version. No workaround is available. The CVE is not listed in the CISA Known Exploited Vulnerabilities catalog.
AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
44- osv-coords42 versionspkg:rpm/almalinux/vim-commonpkg:rpm/almalinux/vim-enhancedpkg:rpm/almalinux/vim-filesystempkg:rpm/almalinux/vim-minimalpkg:rpm/almalinux/vim-X11pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/vim&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 2:8.0.1763-16.el8_5.13+ 41 more
- (no CPE)range: < 2:8.0.1763-16.el8_5.13
- (no CPE)range: < 2:8.0.1763-16.el8_5.13
- (no CPE)range: < 2:8.0.1763-16.el8_5.13
- (no CPE)range: < 2:8.0.1763-16.el8_5.13
- (no CPE)range: < 2:8.0.1763-16.el8_5.13
- (no CPE)range: < 8.2.5038-150000.5.21.1
- (no CPE)range: < 8.2.5038-150000.5.21.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.2.5038-150000.5.21.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.2.5038-150000.5.21.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142nvdPatchThird Party Advisory
- huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92nvdExploitThird Party Advisory
- www.openwall.com/lists/oss-security/2022/01/15/1nvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2022/03/msg00018.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2022/11/msg00009.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2025/03/msg00023.htmlnvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRPAI5JVZLI7WHWSBR6NWAPBQAYUQREW/nvdBroken LinkThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/nvdBroken LinkThird Party Advisory
- security.gentoo.org/glsa/202208-32nvdThird Party Advisory
News mentions
0No linked articles in our index yet.