CVE-2017-6350

🗓️ 27 Feb 2017 07:25:00Reported by mitreType

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. NV

Reporter	Title	Published	Views	Family All 83
Amazon	Low: vim	29 Mar 201700:00	–	amazon
Tenable Nessus	Amazon Linux AMI : vim (ALAS-2017-809)	30 Mar 201700:00	–	nessus
Tenable Nessus	Debian DLA-850-1 : vim security update	10 Mar 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : vim (EulerOS-SA-2017-1148)	8 Aug 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : vim (EulerOS-SA-2017-1149)	8 Aug 201700:00	–	nessus
Tenable Nessus	Fedora 25 : 2:vim (2017-8494d0142c)	3 Mar 201700:00	–	nessus
Tenable Nessus	Fedora 24 : 2:vim (2017-e9171a0c00)	6 Mar 201700:00	–	nessus
Tenable Nessus	GLSA-201706-26 : Vim, gVim: Remote execution of arbitrary code	23 Jun 201700:00	–	nessus
Tenable Nessus	openSUSE Security Update : vim (openSUSE-2017-788)	7 Jul 201700:00	–	nessus
Tenable Nessus	Photon OS 1.0: Vim PHSA-2017-0007 (deprecated)	17 Aug 201800:00	–	nessus

NVD

Node

vim vimRange≤8.0.0377

Source	Link
securitytracker	www.securitytracker.com/id/1037949
github	www.github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75
securityfocus	www.securityfocus.com/bid/96448
usn	www.usn.ubuntu.com/4309-1/
groups	www.groups.google.com/forum/
groups	www.groups.google.com/forum/
security	www.security.gentoo.org/glsa/201706-26

13 May 2026 00:24Current

8.6High risk

Vulners AI Score8.6

CVSS 27.5

CVSS 39.8

EPSS0.01106

CWE-190