CVE-2017-5953 — Integer Overflow or Wraparound in Neovim

CWE-190 — Integer Overflow or Wraparound11 documents7 sources

Severity

9.8CRITICALNVD

OSV7.8

EPSS

0.9%

top 24.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Debian Neovim Debian VIM

Timeline

PublishedFeb 10

Latest updateMay 14

Description

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶debiandebian/vim< neovim 0.1.7-4 (bookworm)

▶debiandebian/neovim< neovim 0.1.7-4 (bookworm)

▶Debianvim/vim< 2:8.0.0197-2+3

▶Ubuntuvim/vim< 2:7.4.1689-3ubuntu1.4+4

▶NVDvim/vim8.0.0055

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-j83f-g7mr-qg5h: vim before patch 8↗2022-05-14

▶

OSV

vim vulnerabilities↗2020-03-23

▶

OSV

vim vulnerabilities↗2019-06-11

▶

OSV

CVE-2017-5953: vim before patch 8↗2017-02-10

▶

📋Vendor Advisories

Ubuntu

Vim vulnerabilities↗2020-03-23

▶

Ubuntu

Vim vulnerabilities↗2019-06-11

▶

Red Hat

vim: Tree length values not validated properly when handling a spell file↗2017-02-08

▶

Debian

CVE-2017-5953: neovim - vim before patch 8.0.0322 does not properly validate values for tree length when...↗2017

▶

💬Community

Bugzilla

CVE-2017-5953 vim: Tree length values not validated properly when handling a spell file↗2017-02-13

▶

Bugzilla

CVE-2017-5953 vim: Tree length values not validated properly when handling a spell file [fedora-all]↗2017-02-13

▶