PT-2017-16783 · Vim+3 · Vim+3

Shqking

Published

2016-11-22

Updated

2024-06-15

CVE-2017-5953

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions vim versions prior to 8.0.0322

Description The issue arises from improper validation of tree length values when handling a spell file, potentially leading to an integer overflow at a memory allocation site and a resultant buffer overflow.

Recommendations For versions prior to 8.0.0322, update to a version that includes patch 8.0.0322 or later to resolve the issue.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2016-2338

CVE-2017-5953

DLA-822-1

DSA-3786-1

MGASA-2017-0275

OPENSUSE-SU-2024:11081-1

OPENSUSE-SU-2024:11497-1

SUSE-SU-2017:1712-1

SUSE-SU-2017:1775-1

SUSE-SU-2017_1712-1

SUSE-SU-2017_1775-1

SUSE-SU-2022:4619-1

USN-4016-1

USN-4309-1

Affected Products

Alt Linux

Suse

Ubuntu

Vim

PT-2017-16783 · Vim+3 · Vim+3

CVE-2017-5953

Weakness Enumeration

Related Identifiers

Affected Products

References · 260