Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3432 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VIM

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow6 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

22.5%

top 4.14%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

VIM Debian VIM

Timeline

PublishedOct 10

Latest updateMay 3

Description

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDvim/vim6.2, 6.3+1

▶debiandebian/vim

Patches

Patch: lists.apple.com ↗Patch: www.securityfocus.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-2fqm-grvm-7h89: Heap-based buffer overflow in the mch_expand_wildcards function in os_unix↗2022-05-03

▶

💥Exploits & PoCs

Exploit-DB

Vim - 'mch_expand_wildcards()' Heap Buffer Overflow↗2005-01-29

▶

📋Vendor Advisories

Debian

CVE-2008-3432: vim - Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in ...↗2008

▶

Red Hat

vim: heap buffer overflow in mch_expand_wildcards()↗2005-01-29

▶

💬Community

Bugzilla

CVE-2008-3432 vim: heap buffer overflow in mch_expand_wildcards()↗2008-07-15

▶