CVE-2021-4166

一、漏洞信息
 漏洞编号：[CVE-2021-4166](https://nvd.nist.gov/vuln/detail/CVE-2021-4166)
 漏洞归属组件：[vim](https://gitee.com/src-openeuler/vim)
 漏洞归属的版本：8.1.450,8.2
 CVSS V3.0分值：
  BaseScore：7.1 High
  Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
 漏洞简述：
  vim is vulnerable to Out-of-bounds Read
 漏洞公开时间：2021-12-26 03:15
 漏洞创建时间：2022-01-05 07:30:17
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2021-4166
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| CONFIRM | https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035 |  |
| MISC | https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 |  |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/ |  |
| MLIST | http://www.openwall.com/lists/oss-security/2022/01/15/1 |  |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/ |  |
| CONFIRM | https://support.apple.com/kb/HT213183 |  |
| FULLDISC | http://seclists.org/fulldisclosure/2022/Mar/29 |  |
| CONFIRM | https://support.apple.com/kb/HT213256 |  |
| FULLDISC | http://seclists.org/fulldisclosure/2022/May/35 |  |
| redhat | https://access.redhat.com/security/cve/CVE-2021-4166 |  |
| CONFIRM | https://support.apple.com/kb/HT213183 |  |
| FULLDISC | http://seclists.org/fulldisclosure/2022/Mar/29 |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其它
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
      受到越界读取的影响  
 openEuler评分：
  7.1
 Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS(8.2):受影响
2.openEuler-20.03-LTS-SP1(9.0):受影响
3.openEuler-20.03-LTS-SP2(8.2):受影响
4.openEuler-20.03-LTS-SP3(9.0):受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS(8.2):否
2.openEuler-20.03-LTS-SP1(9.0):否
3.openEuler-20.03-LTS-SP2(8.2):否
4.openEuler-20.03-LTS-SP3(9.0):否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2022-1500

src-openEuler/vim

内容风险标识

评论 (14)

src-openEuler/vim .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2021-4166

评论 (14)

搜索帮助

src-openEuler/vim