CVE-2017-6349
Gentoo Linux Security Advisory 201706-26
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Un desbordamiento de entero en un sitio de asignación de memoria u_read_undo ocurriría para vim en versiones anteriores al parche 8.0.0377, si no valida correctamente los valores de longitud del árbol de decisión, al leer un archivo desecho corrompido, lo que puede resultar en un desbordamiento de búfer.
Multiple vulnerabilities have been found in Vim and gVim, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 8.0.0386 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-02-26 CVE Reserved
- 2017-02-27 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/96451 | Vdb Entry | |
| http://www.securitytracker.com/id/1037949 | Vdb Entry | |
| https://groups.google.com/forum/#%21topic/vim_dev/LAgsTcdSfNA | X_refsource_misc | |
| https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201706-26 | 2023-11-07 | |
| https://usn.ubuntu.com/4309-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vim Search vendor "Vim" | Vim Search vendor "Vim" for product "Vim" | <= 8.0.0376 Search vendor "Vim" for product "Vim" and version " <= 8.0.0376" | - |
Affected
| ||||||