ID CVE-2017-5953
Summary vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
References
Vulnerable Configurations
  • Vim 8.0.0055
    cpe:2.3:a:vim:vim:8.0.0055
CVSS
Base: 7.5 (as of 15-02-2017 - 10:30)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0006_VIM.NASL
    description An update of the vim package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121673
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121673
    title Photon OS 1.0: Vim PHSA-2017-0006
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201706-26.NASL
    description The remote host is affected by the vulnerability described in GLSA-201706-26 (Vim, gVim: Remote execution of arbitrary code) Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted spell file using Vim or gVim, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-06-23
    plugin id 101021
    published 2017-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101021
    title GLSA-201706-26 : Vim, gVim: Remote execution of arbitrary code
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1712-1.NASL
    description This update for vim fixes the following issues: Security issues fixed : - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) - CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053) - CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057) Non security issues fixed : - Speed up YAML syntax highlighting (bsc#1018870) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101108
    published 2017-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101108
    title SUSE SLED12 / SLES12 Security Update : vim (SUSE-SU-2017:1712-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-595FEC72EF.NASL
    description The newest upstream commit, fixing CVE-2017-5953 vim: Tree length values not validated properly when handling a spell file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-02-27
    plugin id 97168
    published 2017-02-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97168
    title Fedora 25 : 2:vim (2017-595fec72ef)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-280.NASL
    description This update for vim fixes the following issues : - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724)
    last seen 2019-02-21
    modified 2017-02-27
    plugin id 97289
    published 2017-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97289
    title openSUSE Security Update : vim (openSUSE-2017-280)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1034.NASL
    description According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (CVE-2016-1248) - vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. (CVE-2017-5953) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99879
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99879
    title EulerOS 2.0 SP2 : vim (EulerOS-SA-2017-1034)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1033.NASL
    description According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (CVE-2016-1248) - vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. (CVE-2017-5953) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99878
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99878
    title EulerOS 2.0 SP1 : vim (EulerOS-SA-2017-1033)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-809.NASL
    description An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files. (CVE-2017-6350) An integer overflow flaw was found in the way vim handled undo files. This bug could result in vim crashing when trying to process corrupted undo files. (CVE-2017-6349) vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. (CVE-2017-5953)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 99036
    published 2017-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99036
    title Amazon Linux AMI : vim (ALAS-2017-809)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-788.NASL
    description This update for vim fixes the following issues : Security issues fixed : - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) - CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053) - CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057) Non security issues fixed : - Speed up YAML syntax highlighting (bsc#1018870) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2017-07-07
    plugin id 101285
    published 2017-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101285
    title openSUSE Security Update : vim (openSUSE-2017-788)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3786.NASL
    description Editor spell files passed to the vim (Vi IMproved) editor may result in an integer overflow in memory allocation and a resulting buffer overflow which potentially could result in the execution of arbitrary code or denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 97135
    published 2017-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97135
    title Debian DSA-3786-1 : vim - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-9B2CF468D5.NASL
    description The newest upstream commit, fixing CVE-2017-5953 vim: Tree length values not validated properly when handling a spell file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-02-28
    plugin id 97426
    published 2017-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97426
    title Fedora 24 : 2:vim (2017-9b2cf468d5)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-822.NASL
    description A vulnerability has been discovered in Vim where a malformed spell file could cause an integer overflow which is used as the size for memory allocation, resulting in a subsequent buffer overflow. For Debian 7 'Wheezy', these problems have been fixed in version 2:7.3.547-7+deb7u2. We recommend that you upgrade your vim packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 97106
    published 2017-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97106
    title Debian DLA-822-1 : vim security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1775-1.NASL
    description This update for vim fixes the following issues : - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 101228
    published 2017-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101228
    title SUSE SLES11 Security Update : vim (SUSE-SU-2017:1775-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0006.NASL
    description An update of [linux,vim] packages for PhotonOS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111855
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111855
    title Photon OS 1.0: Linux / Vim PHSA-2017-0006 (deprecated)
refmap via4
bid 96217
confirm
debian DSA-3786
gentoo GLSA-201706-26
Last major update 28-02-2017 - 21:59
Published 10-02-2017 - 02:59
Last modified 13-08-2018 - 17:47