AmazonALAS-2017-809Low: vim
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.8%
Issue Overview:
An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files. (CVE-2017-6350)
An integer overflow flaw was found in the way vim handled undo files. This bug could result in vim crashing when trying to process corrupted undo files.(CVE-2017-6349)
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. (CVE-2017-5953)
Affected Packages:
vim
Issue Correction:
Run yum update vim to update your system.
New Packages:
i686:
vim-debuginfo-8.0.0503-1.45.amzn1.i686
vim-enhanced-8.0.0503-1.45.amzn1.i686
vim-minimal-8.0.0503-1.45.amzn1.i686
vim-filesystem-8.0.0503-1.45.amzn1.i686
vim-common-8.0.0503-1.45.amzn1.i686
src:
vim-8.0.0503-1.45.amzn1.src
x86_64:
vim-enhanced-8.0.0503-1.45.amzn1.x86_64
vim-filesystem-8.0.0503-1.45.amzn1.x86_64
vim-debuginfo-8.0.0503-1.45.amzn1.x86_64
vim-common-8.0.0503-1.45.amzn1.x86_64
vim-minimal-8.0.0503-1.45.amzn1.x86_64
Additional References
Red Hat: CVE-2017-5953, CVE-2017-6349, CVE-2017-6350
Mitre: CVE-2017-5953, CVE-2017-6349, CVE-2017-6350
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | vim-debuginfo | < 8.0.0503-1.45.amzn1 | vim-debuginfo-8.0.0503-1.45.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | vim-enhanced | < 8.0.0503-1.45.amzn1 | vim-enhanced-8.0.0503-1.45.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | vim-minimal | < 8.0.0503-1.45.amzn1 | vim-minimal-8.0.0503-1.45.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | vim-filesystem | < 8.0.0503-1.45.amzn1 | vim-filesystem-8.0.0503-1.45.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | vim-common | < 8.0.0503-1.45.amzn1 | vim-common-8.0.0503-1.45.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | vim-enhanced | < 8.0.0503-1.45.amzn1 | vim-enhanced-8.0.0503-1.45.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | vim-filesystem | < 8.0.0503-1.45.amzn1 | vim-filesystem-8.0.0503-1.45.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | vim-debuginfo | < 8.0.0503-1.45.amzn1 | vim-debuginfo-8.0.0503-1.45.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | vim-common | < 8.0.0503-1.45.amzn1 | vim-common-8.0.0503-1.45.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | vim-minimal | < 8.0.0503-1.45.amzn1 | vim-minimal-8.0.0503-1.45.amzn1.x86_64.rpm |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.8%