CVE-2021-4166

7.1 HIGH

📋 TL;DR

CVE-2021-4166 is an out-of-bounds read vulnerability in the Vim text editor that lets an attacker read memory beyond an allocated buffer. It affects users who open specially crafted files in vulnerable Vim versions. The vulnerability could lead to information disclosure or be combined with other flaws for more severe attacks.

💻 Affected Systems

Products:
  • Vim
  • Neovim (potentially affected)
Versions: Vim versions before 8.2.4066
Operating Systems: Linux, Unix-like systems, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Vim installations with vulnerable versions; requires user to open a malicious file.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴 Worst Case

Memory contents disclosure leading to sensitive information exposure, potential ASLR bypass, or crash causing denial of service.

🟠 Likely Case

Application crash (denial of service) when processing malicious files, potentially with some memory content leakage.

🟢 If Mitigated

Limited impact with proper file handling controls and sandboxing; crash without privilege escalation.

🌐 Internet-Facing: LOW - Vim is typically not internet-facing; requires user interaction to open malicious files.
🏢 Internal Only: MEDIUM - Internal users could be targeted via malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the user to open a malicious file; proof-of-concept code is publicly available in the disclosure references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vim 8.2.4066 and later

Vendor Advisory: https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682

Restart Required: No

Instructions:

1. Update Vim using your system's package manager.
2. For Linux: 'sudo apt update && sudo apt upgrade vim' (Debian/Ubuntu) or 'sudo yum update vim' (RHEL/CentOS).
3. For Windows/macOS: Download the latest version from vim.org.
4. Verify the version with 'vim --version'.

🔧 Temporary Workarounds

Avoid opening untrusted files
Applies to: all
Do not open files from untrusted sources in Vim

Use alternative editors for untrusted files
Applies to: all
Use less, cat, or other simple viewers for suspicious files

🧯 If You Can't Patch

  • Restrict Vim usage through application control policies
  • Implement file integrity monitoring for Vim binary and configuration changes

🔍 How to Verify

Check if Vulnerable:

Run 'vim --version' and check whether the version is below 8.2.4066

Check Version:

vim --version | head -1

Verify Fix Applied:

Run 'vim --version' and confirm that the version is 8.2.4066 or higher
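As an added example (not part of this page or of the Vim project), the POSIX shell check below decides whether a build is before 8.2.4066 by parsing the text of 'vim --version'. The patch level appears on the "Included patches" line, not on the first line, so 'head -1' alone does not show it; the sample outputs embedded in the script are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example: parse `vim --version` text and compare against 8.2.4066.
# Both samples are constructed (not real captures); the line format matches
# what Vim prints: a "VIM - Vi IMproved X.Y (...)" line and "Included patches: 1-N".
SAMPLE_VULN='VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Oct 01 2021 01:51:08)
Included patches: 1-2434
Compiled by a-distro-builder'
SAMPLE_FIXED='VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Jan 10 2022 10:00:00)
Included patches: 1-4500
Compiled by a-distro-builder'

# Print "MAJOR MINOR" from the first line, e.g. "8 2"; prints nothing if unparsable.
vim_major_minor() {
    printf '%s\n' "$1" |
        sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1
}

# Print the highest patch number from "Included patches: 1-NNNN" (also handles a
# range list such as "1-100, 102-NNNN"); prints nothing if the line is absent.
vim_patch_level() {
    printf '%s\n' "$1" |
        sed -n 's/^Included patches: .*-\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Exit 0 if the text describes a build before 8.2.4066 (vulnerable), 1 if it is
# 8.2.4066 or later, 2 if the text could not be parsed (e.g. Neovim's banner).
vim_is_vulnerable() {
    mm=$(vim_major_minor "$1")
    [ -n "$mm" ] || return 2
    major=${mm%% *}; minor=${mm##* }
    patch=$(vim_patch_level "$1"); patch=${patch:-0}
    if [ "$major" -ne 8 ]; then [ "$major" -lt 8 ] && return 0; return 1; fi
    if [ "$minor" -ne 2 ]; then [ "$minor" -lt 2 ] && return 0; return 1; fi
    [ "$patch" -lt 4066 ] && return 0
    return 1
}

# Check the locally installed vim; only runs when VIM_CHECK=1 so the functions can
# be sourced on a host without vim.
check_installed_vim() {
    command -v vim >/dev/null 2>&1 || { echo "vim not found in PATH"; return 2; }
    out=$(vim --version 2>/dev/null)
    if vim_is_vulnerable "$out"; then
        echo "VULNERABLE to CVE-2021-4166: patch level $(vim_patch_level "$out") < 4066"
    else
        echo "Not affected by CVE-2021-4166 (8.2.4066 or later, or output not parsed)"
    fi
}
if [ "${VIM_CHECK:-0}" = "1" ]; then check_installed_vim; fi
```

Run with VIM_CHECK=1 to test the installed binary; a return code of 2 from vim_is_vulnerable means the banner was not recognised and should be reviewed by hand.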

📡 Detection & Monitoring

Log Indicators:

  • Vim crash logs
  • Core dumps from Vim process
  • Abnormal termination of Vim

Network Indicators:

  • File transfers of suspicious text files to target systems

SIEM Query:

process_name:vim AND (event_type:crash OR exit_code:139 OR exit_code:11)
