Home

CVE-2017-6350

Description

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.188

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-6350 are affected in Vim 8.0.0377Windows
SUSE-SU-2017:1712-1(SUSE Linux Enterprise Desktop 12-SP2 ) gvim-7.4.326-16.1.x86_64.rpmLinux
SUSE-SU-2017:1712-1(SUSE Linux Enterprise Desktop 12-SP2 ) gvim-debuginfo-7.4.326-16.1.x86_64.rpmLinux
SUSE-SU-2017:1712-1(SUSE Linux Enterprise Desktop 12-SP2 ) vim-data-7.4.326-16.1.noarch.rpmLinux
SUSE-SU-2017:1712-1(SUSE Linux Enterprise Desktop 12-SP2 ) vim-debuginfo-7.4.326-16.1.x86_64.rpmLinux
SUSE-SU-2017:1712-1(SUSE Linux Enterprise Desktop 12-SP2 ) vim-debugsource-7.4.326-16.1.x86_64.rpmLinux
Vi IMproved - enhanced vi editor (USN-4309-1) vim_7.4.1689-3ubuntu1.4_i386.debLinux
Vi IMproved - enhanced vi editor (USN-4309-1) vim_7.4.1689-3ubuntu1.4_amd64.debLinux
Vi IMproved - enhanced vi editor (USN-4309-1) vim_8.0.1453-1ubuntu1.3_i386.debLinux
Vi IMproved - enhanced vi editor (USN-4309-1) vim_8.0.1453-1ubuntu1.3_amd64.debLinux
Vi IMproved - enhanced vi editor (USN-4309-1) vim_8.1.0875-5ubuntu2.1_i386.debLinux
Vi IMproved - enhanced vi editor (USN-4309-1) vim_8.1.0875-5ubuntu2.1_amd64.debLinux
Vi IMproved - enhanced vi editor (USN-4309-1) vim-gui-common_7.4.1689-3ubuntu1.4_all.debLinux
Vi IMproved - enhanced vi editor (USN-4309-1) vim-gui-common_8.0.1453-1ubuntu1.3_all.debLinux
Vi IMproved - enhanced vi editor (USN-4309-1) vim-gui-common_8.1.0875-5ubuntu2.1_all.debLinux
SUSE-SU-2022:4619-1(SUSE Linux Enterprise Server 12-SP5 ) gvim-9.0.0814-17.9.1.x86_64.rpmLinux
SUSE-SU-2022:4619-1(SUSE Linux Enterprise Server 12-SP5 ) gvim-debuginfo-9.0.0814-17.9.1.x86_64.rpmLinux
SUSE-SU-2022:4619-1(SUSE Linux Enterprise Server 12-SP5 ) vim-data-9.0.0814-17.9.1.noarch.rpmLinux
SUSE-SU-2022:4619-1(SUSE Linux Enterprise Server 12-SP5 ) vim-data-common-9.0.0814-17.9.1.noarch.rpmLinux
SUSE-SU-2022:4619-1(SUSE Linux Enterprise Server 12-SP5 ) vim-debugsource-9.0.0814-17.9.1.x86_64.rpmLinux
Vi IMproved - enhanced vi editor (USN-4309-1) vim-gui-common_8.0.1453-1ubuntu1.3_all.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234