CVE-2021-4187

2021-12-2917:15:07

Alpine Linux Development Team

security.alpinelinux.org

cve-2021-4187

vulnerability

use after free

unix

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

vim is vulnerable to Use After Free

OSVersionArchitecturePackageVersionFilename
Alpineedge-mainnoarchvim< 8.2.4173-r0UNKNOWN
Alpine3.12-mainnoarchvim< 8.2.4173-r0UNKNOWN
Alpine3.13-mainnoarchvim< 8.2.4173-r0UNKNOWN
Alpine3.14-mainnoarchvim< 8.2.4173-r0UNKNOWN
Alpine3.15-mainnoarchvim< 8.2.4173-r0UNKNOWN
Alpine3.16-mainnoarchvim< 8.2.4173-r0UNKNOWN
Alpine3.17-mainnoarchvim< 8.2.4173-r0UNKNOWN
Alpine3.18-mainnoarchvim< 8.2.4173-r0UNKNOWN
Alpine3.19-mainnoarchvim< 8.2.4173-r0UNKNOWN
Alpine3.20-mainnoarchvim< 8.2.4173-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-main	noarch	vim	< 8.2.4173-r0	UNKNOWN
Alpine	3.12-main	noarch	vim	< 8.2.4173-r0	UNKNOWN
Alpine	3.13-main	noarch	vim	< 8.2.4173-r0	UNKNOWN
Alpine	3.14-main	noarch	vim	< 8.2.4173-r0	UNKNOWN
Alpine	3.15-main	noarch	vim	< 8.2.4173-r0	UNKNOWN
Alpine	3.16-main	noarch	vim	< 8.2.4173-r0	UNKNOWN
Alpine	3.17-main	noarch	vim	< 8.2.4173-r0	UNKNOWN
Alpine	3.18-main	noarch	vim	< 8.2.4173-r0	UNKNOWN
Alpine	3.19-main	noarch	vim	< 8.2.4173-r0	UNKNOWN
Alpine	3.20-main	noarch	vim	< 8.2.4173-r0	UNKNOWN