Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-3974. PoCs published by cemonatk.
AI-analyzed exploit summary This repository contains a detailed technical analysis of CVE-2021-3974, a Use After Free vulnerability in Vim. It includes a description of the issue, steps to reproduce, and sanitizer output demonstrating the heap-use-after-free condition.
Description
vim is vulnerable to Use After Free
Exploits (1)
github
WRITEUP
3 stars
by cemonatk · poc
https://github.com/cemonatk/onefuzzyway/tree/main/CVEs/vim/CVE-2021-3974.md
This repository contains a detailed technical analysis of CVE-2021-3974, a Use After Free vulnerability in Vim. It includes a description of the issue, steps to reproduce, and sanitizer output demonstrating the heap-use-after-free condition.
Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target:
Vim (master branch, specifically commit 3c5904d)
No auth needed
Prerequisites:
Vim compiled with AddressSanitizer · POC file (referenced but not included)
MITRE ATT&CK
devstral-2 · analyzed Feb 27, 2026
Full analysis →
References (8)
Core 8
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/01/15/1
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202208-32
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Patch, Third Party Advisory
https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6
Exploit, Issue Tracking, Patch, Third Party Advisory
https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
Scores
CVSS v3
7.8
EPSS
0.0127
EPSS Percentile
66.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (5)
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
34
fedoraproject/fedora
35
vim/vim
< 8.2.3612
Published
Nov 19, 2021
Tracked Since
Feb 18, 2026