CVE-2008-3432
Published: 2008-10-10
CVE-2008-3432: Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via…
Priority: P3 · 43 · medium · CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.62% (94.4th percentile)
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vim | — | — |
| vim | vim | — | — |
| vim | vim | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_debian | — | 6.8 | LOW | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
Debian
CVE-2008-3432: vim - Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in ...
vendor_debian · 2008 · CVSS 6.8 · MEDIUM
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
vim: heap buffer overflow in mch_expand_wildcards()
vendor_redhat · 2005-01-29 · CVSS 6.8 · MEDIUM · CWE-122
GHSA
GHSA-2fqm-grvm-7h89: Heap-based buffer overflow in the mch_expand_wildcards function in os_unix
ghsa_unreviewed · 2022-05-03 · MEDIUM · CWE-119
No detection rules found.
References
- ftp://ftp.vim.org/pub/vim/patches/6.2.429
- ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://secunia.com/advisories/32222
- http://secunia.com/advisories/32858
- http://secunia.com/advisories/33410
- http://support.apple.com/kb/HT3216
- http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm
- http://www.openwall.com/lists/oss-security/2008/07/15/4
- http://www.openwall.com/lists/oss-security/2008/08/01/1
- http://www.redhat.com/support/errata/RHSA-2008-0617.html
- http://www.securityfocus.com/archive/1/502322/100/0/threaded
- http://www.securityfocus.com/bid/30648
- http://www.securityfocus.com/bid/31681
- http://www.vmware.com/security/advisories/VMSA-2009-0004.html
- http://www.vupen.com/english/advisories/2008/2780
- http://www.vupen.com/english/advisories/2009/0033
- http://www.vupen.com/english/advisories/2009/0904
- https://bugzilla.redhat.com/show_bug.cgi?id=455455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44722
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987
Published: 2008-10-10