{"id":"CVE-2021-3968","details":"vim is vulnerable to Heap-based Buffer Overflow","modified":"2026-05-19T00:39:28.478543Z","published":"2021-11-19T12:15:09.183Z","related":["SUSE-SU-2022:2102-1","SUSE-SU-2022:4619-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"34"},{"last_affected":"35"}],"cpes":["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"],"vendor_product":"fedoraproject:fedora","source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/01/15/1"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202208-32"},{"type":"FIX","url":"https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"},{"type":"FIX","url":"https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vim/vim","events":[{"introduced":"f1e8876fa2359b572d262772747405d3616db670"},{"fixed":"a062006b9de0b2947ab5fb376c6e67ef92a8cd69"}],"database_specific":{"extracted_events":[{"introduced":"8.2.3430"},{"fixed":"8.2.3610"}],"cpe":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"]}}],"versions":["v8.2.3609","v8.2.3608","v8.2.3607","v8.2.3606","v8.2.3605","v8.2.3604","v8.2.3603","v8.2.3602","v8.2.3601","v8.2.3600","v8.2.3599","v8.2.3598","v8.2.3597","v8.2.3596","v8.2.3595","v8.2.3594","v8.2.3593","v8.2.3592","v8.2.3591","v8.2.3590","v8.2.3589","v8.2.3588","v8.2.3587","v8.2.3586","v8.2.3585","v8.2.3584","v8.2.3583","v8.2.3582","v8.2.3581","v8.2.3580","v8.2.3579","v8.2.3578","v8.2.3577","v8.2.3576","v8.2.3575","v8.2.3574","v8.2.3573","v8.2.3572","v8.2.3571","v8.2.3570","v8.2.3569","v8.2.3568","v8.2.3567","v8.2.3566","v8.2.3565","v8.2.3564","v8.2.3563","v8.2.3562","v8.2.3561","v8.2.3560","v8.2.3559","v8.2.3558","v8.2.3557","v8.2.3556","v8.2.3555","v8.2.3554","v8.2.3553","v8.2.3552","v8.2.3551","v8.2.3550","v8.2.3549","v8.2.3548","v8.2.3547","v8.2.3546","v8.2.3545","v8.2.3544","v8.2.3543","v8.2.3542","v8.2.3541","v8.2.3540","v8.2.3539","v8.2.3538","v8.2.3537","v8.2.3536","v8.2.3535","v8.2.3534","v8.2.3533","v8.2.3532","v8.2.3531","v8.2.3530","v8.2.3529","v8.2.3528","v8.2.3527","v8.2.3526","v8.2.3525","v8.2.3524","v8.2.3523","v8.2.3522","v8.2.3521","v8.2.3520","v8.2.3519","v8.2.3518","v8.2.3517","v8.2.3516","v8.2.3515","v8.2.3514","v8.2.3513","v8.2.3512","v8.2.3511","v8.2.3510","v8.2.3509","v8.2.3508","v8.2.3507","v8.2.3506","v8.2.3505","v8.2.3504","v8.2.3503","v8.2.3502","v8.2.3501","v8.2.3500","v8.2.3499","v8.2.3498","v8.2.3497","v8.2.3496","v8.2.3495","v8.2.3494","v8.2.3493","v8.2.3492","v8.2.3491","v8.2.3490","v8.2.3489","v8.2.3488","v8.2.3487","v8.2.3486","v8.2.3485","v8.2.3484","v8.2.3483","v8.2.3482","v8.2.3481","v8.2.3480","v8.2.3479","v8.2.3478","v8.2.3477","v8.2.3476","v8.2.3475","v8.2.3474","v8.2.3473","v8.2.3472","v8.2.3471","v8.2.3470","v8.2.3469","v8.2.3468","v8.2.3467","v8.2.3466","v8.2.3465","v8.2.3464","v8.2.3463","v8.2.3462","v8.2.3461","v8.2.3460","v8.2.3459","v8.2.3458","v8.2.3457","v8.2.3456","v8.2.3455","v8.2.3454","v8.2.3453","v8.2.3452","v8.2.3451","v8.2.3450","v8.2.3449","v8.2.3448","v8.2.3447","v8.2.3446","v8.2.3445","v8.2.3444","v8.2.3443","v8.2.3442","v8.2.3441","v8.2.3440","v8.2.3439","v8.2.3438","v8.2.3437","v8.2.3436","v8.2.3435","v8.2.3434","v8.2.3433","v8.2.3432","v8.2.3431","v8.2.3430"],"database_specific":{"vanir_signatures_modified":"2026-05-19T00:39:28Z","vanir_signatures":[{"target":{"file":"src/version.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["146200493773228420153804765641940418619","98519502523796768966903635678610383175","47331157051170592105221954330432142672","205047797260221704645004093104877364739"]},"id":"CVE-2021-3968-650db7de","deprecated":false,"signature_type":"Line","source":"https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"},{"target":{"file":"src/normal.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["45626131977096187401290691107140972095","106229336635017140624816973343478477394","7352135862961346482541386056063111385","69144108965290337078833135922510758320","322409648483037622684127794207024042908","292880595340456156280479321467725306127","8778114862460833416373016684305968715"]},"id":"CVE-2021-3968-8dbcbbac","deprecated":false,"signature_type":"Line","source":"https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"},{"target":{"file":"src/normal.c","function":"n_start_visual_mode"},"signature_version":"v1","digest":{"function_hash":"57417841470623047018768216016190771615","length":756},"id":"CVE-2021-3968-b912ad49","deprecated":false,"signature_type":"Function","source":"https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3968.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}