Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2017-6350

Published: August 31, 2023Last modified: August 31, 2023

Description

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Severity score breakdown

ParameterValue
Base score9.8
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSvimNot affected (9.0.0999-r0)
StreamvimNot affected (9.0.1676-r0)

References

ON THIS PAGE