CVE-2017-6350 - Integer Overflow or Wraparound vulnerability in VIM

CVSS 9.8 - CRITICAL

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, vim, CWE-190, critical, nessus

Summary

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Vulnerable Configurations

Part         Description  Count
Application  Vim          5464

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, a memory allocation size, or similar. The attacker would typically control the value of the variable and try to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing an incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.

Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1148.NASL
    description: According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.(CVE-2017-6350) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2017-08-08
    plugin id: 102235
    published: 2017-08-08
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102235
    title: EulerOS 2.0 SP1 : vim (EulerOS-SA-2017-1148)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102235);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2017-6350"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : vim (EulerOS-SA-2017-1148)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the vim packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerability :
    
      - An integer overflow at an unserialize_uep memory
        allocation site would occur for vim before patch
        8.0.0378, if it does not properly validate values for
        tree length when reading a corrupted undo file, which
        may lead to resultant buffer overflows.(CVE-2017-6350)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1148
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?62a24c9b");
      script_set_attribute(attribute:"solution", value:
    "Update the affected vim package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-X11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-enhanced");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-filesystem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-minimal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["vim-X11-7.4.160-2.h3",
            "vim-common-7.4.160-2.h3",
            "vim-enhanced-7.4.160-2.h3",
            "vim-filesystem-7.4.160-2.h3",
            "vim-minimal-7.4.160-2.h3"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-788.NASL
    description: This update for vim fixes the following issues : Security issues fixed : - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) - CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053) - CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057) Non security issues fixed : - Speed up YAML syntax highlighting (bsc#1018870) This update was imported from the SUSE:SLE-12:Update update project.
    last seen: 2020-06-05
    modified: 2017-07-07
    plugin id: 101285
    published: 2017-07-07
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/101285
    title: openSUSE Security Update : vim (openSUSE-2017-788)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-788.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101285);
      script_version("3.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-5953", "CVE-2017-6349", "CVE-2017-6350");
    
      script_name(english:"openSUSE Security Update : vim (openSUSE-2017-788)");
      script_summary(english:"Check for the openSUSE-2017-788 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for vim fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2017-5953: Fixed a possible overflow with corrupted
        spell file (bsc#1024724)
    
      - CVE-2017-6350: Fixed a possible overflow when reading a
        corrupted undo file (bsc#1027053)
    
      - CVE-2017-6349: Fixed a possible overflow when reading a
        corrupted undo file (bsc#1027057)
    
    Non security issues fixed :
    
      - Speed up YAML syntax highlighting (bsc#1018870)
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1018870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1024724"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027057"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected vim packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvim-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vim-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"gvim-7.4.326-10.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"gvim-debuginfo-7.4.326-10.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"vim-7.4.326-10.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"vim-data-7.4.326-10.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"vim-debuginfo-7.4.326-10.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"vim-debugsource-7.4.326-10.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gvim / gvim-debuginfo / vim / vim-data / vim-debuginfo / etc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4309-1.NASL
    description: It was discovered that Vim incorrectly handled certain sources. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS (CVE-2017-1110) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. (CVE-2017-5953) It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.06 LTS. (CVE-2018-20786) It was discovered that Vim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-20079) It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. (CVE-2017-6349, CVE-2017-6350). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-26
    modified: 2020-03-24
    plugin id: 134856
    published: 2020-03-24
    reporter: Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134856
    title: Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : vim vulnerabilities (USN-4309-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4309-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134856);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/25");
    
      script_cve_id("CVE-2017-1110", "CVE-2017-11109", "CVE-2017-5953", "CVE-2017-6349", "CVE-2017-6350", "CVE-2018-20786", "CVE-2019-20079");
      script_xref(name:"USN", value:"4309-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : vim vulnerabilities (USN-4309-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Vim incorrectly handled certain sources. An
    attacker could possibly use this issue to cause a denial of service.
    This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu
    16.04 LTS (CVE-2017-1110)
    
    It was discovered that Vim incorrectly handled certain files. An
    attacker could possibly use this issue to execute arbitrary code. This
    issue only affected Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
    (CVE-2017-5953)
    
    It was discovered that Vim incorrectly handled certain inputs. An
    attacker could possibly use this issue to cause a denial of service.
    This issue only affected Ubuntu 16.06 LTS. (CVE-2018-20786)
    
    It was discovered that Vim incorrectly handled certain inputs. An
    attacker could possibly use this issue to cause a denial of service or
    execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
    Ubuntu 19.10. (CVE-2019-20079)
    
    It was discovered that Vim incorrectly handled certain files. An
    attacker could possibly use this issue to execute arbitrary code. This
    issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu
    16.04 LTS. (CVE-2017-6349, CVE-2017-6350).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4309-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim-gui-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:vim-runtime");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 18.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"vim", pkgver:"2:7.4.1689-3ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"vim-common", pkgver:"2:7.4.1689-3ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"vim-gui-common", pkgver:"2:7.4.1689-3ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"vim-runtime", pkgver:"2:7.4.1689-3ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim", pkgver:"2:8.0.1453-1ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim-common", pkgver:"2:8.0.1453-1ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim-gui-common", pkgver:"2:8.0.1453-1ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"vim-runtime", pkgver:"2:8.0.1453-1ubuntu1.3")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"vim", pkgver:"2:8.1.0875-5ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"vim-common", pkgver:"2:8.1.0875-5ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"vim-gui-common", pkgver:"2:8.1.0875-5ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"vim-runtime", pkgver:"2:8.1.0875-5ubuntu2.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim / vim-common / vim-gui-common / vim-runtime");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-8494D0142C.NASL
    description: The newest upstream commit, CVE-2017-6350 vim: Integer overflow at an unserialize_uep memory allocation site, CVE-2017-6349 vim: Integer overflow at a u_read_undo memory allocation site Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-03-03
    plugin id: 97501
    published: 2017-03-03
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97501
    title: Fedora 25 : 2:vim (2017-8494d0142c)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-850.NASL
    description: Brief introduction CVE-2017-6349 An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. CVE-2017-6350 An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. For Debian 7
    last seen: 2020-03-17
    modified: 2017-03-10
    plugin id: 97641
    published: 2017-03-10
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97641
    title: Debian DLA-850-1 : vim security update
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1149.NASL
    description: According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.(CVE-2017-6350) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2017-08-08
    plugin id: 102236
    published: 2017-08-08
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102236
    title: EulerOS 2.0 SP2 : vim (EulerOS-SA-2017-1149)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0007_VIM.NASL
    description: An update of the vim package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121674
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121674
    title: Photon OS 1.0: Vim PHSA-2017-0007
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-E9171A0C00.NASL
    description: The newest upstream commit, CVE-2017-6350 vim: Integer overflow at an unserialize_uep memory allocation site, CVE-2017-6349 vim: Integer overflow at a u_read_undo memory allocation site Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-03-06
    plugin id: 97542
    published: 2017-03-06
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97542
    title: Fedora 24 : 2:vim (2017-e9171a0c00)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201706-26.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201706-26 (Vim, gVim: Remote execution of arbitrary code) Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted spell file using Vim or gVim, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101021
    published: 2017-06-23
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101021
    title: GLSA-201706-26 : Vim, gVim: Remote execution of arbitrary code
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0007.NASL
    description: An update of [vim] packages for PhotonOS has been released.
    last seen: 2019-02-08
    modified: 2019-02-07
    plugin id: 111856
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111856
    title: Photon OS 1.0: Vim PHSA-2017-0007 (deprecated)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2017-809.NASL
    description: An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files. (CVE-2017-6350) An integer overflow flaw was found in the way vim handled undo files. This bug could result in vim crashing when trying to process corrupted undo files.(CVE-2017-6349) vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. (CVE-2017-5953)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99036
    published: 2017-03-30
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/99036
    title: Amazon Linux AMI : vim (ALAS-2017-809)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1712-1.NASL
    description: This update for vim fixes the following issues: Security issues fixed : - CVE-2017-5953: Fixed a possible overflow with corrupted spell file (bsc#1024724) - CVE-2017-6350: Fixed a possible overflow when reading a corrupted undo file (bsc#1027053) - CVE-2017-6349: Fixed a possible overflow when reading a corrupted undo file (bsc#1027057) Non security issues fixed : - Speed up YAML syntax highlighting (bsc#1018870) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101108
    published: 2017-06-29
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101108
    title: SUSE SLED12 / SLES12 Security Update : vim (SUSE-SU-2017:1712-1)