Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-3984. PoCs published by cemonatk.
AI-analyzed exploit summary: This repository contains a detailed technical analysis of CVE-2021-3984, a heap-based buffer overflow in Vim. It includes the original report, sanitizer output, and references to patches and advisories, but does not include functional exploit code.
Description
vim is vulnerable to Heap-based Buffer Overflow
Exploits (1)
github
WRITEUP
3 stars
by cemonatk · poc
https://github.com/cemonatk/onefuzzyway/tree/main/CVEs/vim/CVE-2021-3984.md
Classification
Writeup 95%
Attack Type
DoS
Complexity
Moderate
Reliability
Reliable
Target:
Vim (master branch, commit 3cad470)
No auth needed
Prerequisites:
Vim compiled with AddressSanitizer · POC file (not included in the repo)
devstral-2 · analyzed Apr 29, 2026
References (7)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/01/15/1
Mitigation, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202208-32
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html
Patch, Third Party Advisory
https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655
Exploit, Patch, Third Party Advisory
https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a
Scores
CVSS v3
7.8
EPSS
0.0146
EPSS Percentile
70.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-122
CWE-787
Status
published
Products (4)
debian/debian_linux: 9.0
debian/debian_linux: 10.0
fedoraproject/fedora: 34
vim/vim: < 8.2.3625
Published
Dec 01, 2021
Tracked Since
Feb 18, 2026