#VU33447 Integer overflow


Published: 2017-02-27 | Updated: 2020-08-04

Vulnerability identifier: #VU33447

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6349

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Mitigation
Install update from vendor's website.

External links
http://www.securityfocus.com/bid/96451
http://www.securitytracker.com/id/1037949
http://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c
http://groups.google.com/forum/#!topic/vim_dev/LAgsTcdSfNA
http://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y
http://security.gentoo.org/glsa/201706-26
http://usn.ubuntu.com/4309-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for vim
Gentoo update for Vim, gVim
Integer overflow in neovim (Alpine package)
Amazon Linux AMI update for vim