Vulnerability Details : CVE-2017-5953
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2017-5953
Probability of exploitation activity in the next 30 days: 1.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~82%
CVSS scores for CVE-2017-5953
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2017-5953
- The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5953
- https://usn.ubuntu.com/4309-1/
  USN-4309-1: Vim vulnerabilities | Ubuntu security notices
- https://security.gentoo.org/glsa/201706-26
  Vim, gVim: Remote execution of arbitrary code (GLSA 201706-26) — Gentoo security
- https://usn.ubuntu.com/4016-1/
  USN-4016-1: Vim vulnerabilities | Ubuntu security notices
- https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
  patch 8.0.0322: possible overflow with corrupted spell file · vim/vim@399c297 · GitHub (Patch; Vendor Advisory)
- https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY
  suspicious integer overflow in src/spellfile.c:1607 - Google Groups
- http://www.debian.org/security/2017/dsa-3786
  Debian -- Security Information -- DSA-3786-1 vim
- http://www.securityfocus.com/bid/96217
  Vim CVE-2017-5953 Local Integer Overflow Vulnerability
Products affected by CVE-2017-5953
- cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*