CVE-2017-6350

Published: Feb 27, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

GLSA-201706-26

vendor-advisory

x_refsource_GENTOO

1037949

vdb-entry

x_refsource_SECTRACK

https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75

x_refsource_MISC

https://groups.google.com/forum/#%21topic/vim_dev/L_dOHOOiQ5Q

x_refsource_MISC

96448

vdb-entry

x_refsource_BID

https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y

x_refsource_MISC

USN-4309-1

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-6350

Description

Affected Products

References