PublicDateAtUSN: 2017-02-10
Candidate: CVE-2017-5953
PublicDate: 2017-02-10 07:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953
 https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY
 https://ubuntu.com/security/notices/USN-4016-1
 https://ubuntu.com/security/notices/USN-4309-1
Description:
 vim before patch 8.0.0322 does not properly validate values for tree length
 when handling a spell file, which may result in an integer overflow at a
 memory allocation site and a resultant buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854969
Priority: low
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_vim:
 upstream: https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
upstream_vim: released (2:8.0.0197-2)
precise_vim: ignored (reached end-of-life)
precise/esm_vim: released (2:7.3.429-2ubuntu2.3)
trusty_vim: ignored (reached end-of-life)
trusty/esm_vim: released (2:7.4.052-1ubuntu3.1+esm1)
vivid/stable-phone-overlay_vim: ignored (reached end-of-life)
vivid/ubuntu-core_vim: ignored (reached end-of-life)
xenial_vim: released (2:7.4.1689-3ubuntu1.3)
esm-infra/xenial_vim: released (2:7.4.1689-3ubuntu1.3)
yakkety_vim: ignored (reached end-of-life)
zesty_vim: ignored (reached end-of-life)
artful_vim: not-affected (2:8.0.0197-4ubuntu5)
bionic_vim: not-affected (2:8.0.1144-1ubuntu1)
cosmic_vim: not-affected (2:8.0.1144-1ubuntu1)
disco_vim: not-affected (2:8.0.1144-1ubuntu1)
eoan_vim: not-affected (2:8.0.1144-1ubuntu1)
devel_vim: not-affected (2:8.0.1144-1ubuntu1)

Patches_neovim:
 upstream: https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
upstream_neovim: released (0.1.7-4)
precise_neovim: DNE
precise/esm_neovim: DNE
trusty_neovim: DNE
trusty/esm_neovim: DNE
xenial_neovim: DNE
bionic_neovim: not-affected (0.2.2-3)
cosmic_neovim: not-affected (0.2.2-3)
disco_neovim: not-affected (0.2.2-3)
eoan_neovim: not-affected (0.2.2-3)
devel_neovim: not-affected (0.2.2-3)