Vulnerability Description
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vim | Vim | <= 8.0.0055 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2017/dsa-3786
- http://www.securityfocus.com/bid/96217
- https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d (Patch, Vendor Advisory)
- https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY
- https://security.gentoo.org/glsa/201706-26
- https://usn.ubuntu.com/4016-1/
- https://usn.ubuntu.com/4309-1/
FAQ
What is CVE-2017-5953?
CVE-2017-5953 is a vulnerability with a CVSS score of 9.8 (CRITICAL). vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
How severe is CVE-2017-5953?
CVE-2017-5953 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-5953?
Check the references section above for vendor advisories and patch information. Affected products include: Vim (vendor: Vim).