CVE-2021-3968
CVE Details
Visit the official vulnerability details page for CVE-2021-3968 to learn more.
Initial Publication
10/10/2025
Last Update
10/14/2025
Third Party Dependency
vim-minimal
NIST CVE Summary
vim is vulnerable to Heap-based Buffer Overflow
CVE Severity
Our Official Summary
CVE-2021-3968 is a heap-based buffer overflow vulnerability in the Vim editor caused by improper memory handling in the ml_append_int function. An attacker could exploit this by supplying a crafted file or input, resulting in out-of-bounds writes that may lead to code execution or an application crash. The issue affects Vim versions earlier than 8.2.3610; version 8.2.3610 includes the patch.
Exploitation requires user interaction, specifically opening a malicious file in Vim. The attacker would need access to the cluster where the vulnerable component is deployed. This vulnerability is only relevant for clusters running Virtual Machine Orchestrator migration using Forklift.
Fixes are pending from the upstream Forklift project to incorporate the patched Vim version.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.23 | ⚠️ Impacted | ✅ No Impact | ✅ No Impact | ✅ No Impact |
Revision History
Date | Revision |
---|---|
10/14/2025 | Status changed from Open to Ongoing |
10/14/2025 | Official summary added |