// For flags

CVE-2008-3432

Vim - 'mch_expand_wildcards()' Heap Buffer Overflow

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

Desbordamiento de búfer basado en pila en la función mch_expand_wildcard en os_unix.c en Vim v6.2 y v6.3 permite a atacantes con la intervención del usuario ejecutar código de su elección mediante metacaracteres del interprete de comandos en el nombre de los ficheros, como se ha demostrado por el caso de prueba netrw.v3.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-01-29 First Exploit
  • 2008-07-31 CVE Reserved
  • 2008-10-10 CVE Published
  • 2024-05-26 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-122: Heap-based Buffer Overflow
CAPEC
References (24)
URL Tag Source
ftp://ftp.vim.org/pub/vim/patches/6.2.429 X_refsource_confirm
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059 X_refsource_confirm
http://secunia.com/advisories/32858 Third Party Advisory
http://secunia.com/advisories/33410 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm X_refsource_confirm
http://www.openwall.com/lists/oss-security/2008/07/15/4 Mailing List
http://www.openwall.com/lists/oss-security/2008/08/01/1 Mailing List
http://www.securityfocus.com/archive/1/502322/100/0/threaded Mailing List
http://www.securityfocus.com/bid/30648 Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2009-0004.html X_refsource_confirm
http://www.vupen.com/english/advisories/2008/2780 Vdb Entry
http://www.vupen.com/english/advisories/2009/0033 Vdb Entry
http://www.vupen.com/english/advisories/2009/0904 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44722 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987 Signature
URL Date SRC
https://www.exploit-db.com/exploits/32225 2005-01-29
URL Date SRC
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html 2023-02-13
http://www.securityfocus.com/bid/31681 2023-02-13
URL Date SRC
http://secunia.com/advisories/32222 2023-02-13
http://support.apple.com/kb/HT3216 2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0617.html 2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=455455 2008-11-25
https://access.redhat.com/security/cve/CVE-2008-3432 2008-11-25
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vim
Search vendor "Vim"
 Vim
Search vendor "Vim" for product "Vim"
 6.2
Search vendor "Vim" for product "Vim" and version "6.2"
-
Affected
Vim
Search vendor "Vim"
 Vim
Search vendor "Vim" for product "Vim"
 6.3
Search vendor "Vim" for product "Vim" and version "6.3"
-
Affected