Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2017-6349First vendor Publication2017-02-27
VendorCveLast vendor Modification2018-08-13

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6349

CWE : Common Weakness Enumeration

%idName
100 %CWE-190Integer Overflow or Wraparound (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application5476

Nessus® Vulnerability Scanner

DateDescription
2018-08-17Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2017-0007.nasl - Type : ACT_GATHER_INFO
2018-06-28Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1171.nasl - Type : ACT_GATHER_INFO
2017-07-07Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-788.nasl - Type : ACT_GATHER_INFO
2017-06-29Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-1712-1.nasl - Type : ACT_GATHER_INFO
2017-06-23Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201706-26.nasl - Type : ACT_GATHER_INFO
2017-03-30Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2017-809.nasl - Type : ACT_GATHER_INFO
2017-03-10Name : The remote Debian host is missing a security update.
File : debian_DLA-850.nasl - Type : ACT_GATHER_INFO
2017-03-06Name : The remote Fedora host is missing a security update.
File : fedora_2017-e9171a0c00.nasl - Type : ACT_GATHER_INFO
2017-03-03Name : The remote Fedora host is missing a security update.
File : fedora_2017-8494d0142c.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/96451
GENTOO https://security.gentoo.org/glsa/201706-26
MISC https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c
https://groups.google.com/forum/#!topic/vim_dev/LAgsTcdSfNA
https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y
SECTRACK http://www.securitytracker.com/id/1037949

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
DateInformations
2018-11-30 12:09:05
  • Multiple Updates
2018-08-14 00:19:34
  • Multiple Updates
2018-05-25 12:08:11
  • Multiple Updates
2017-12-21 12:05:13
  • Multiple Updates
2017-07-17 17:22:27
  • Multiple Updates
2017-07-14 12:02:15
  • Multiple Updates
2017-07-08 13:24:44
  • Multiple Updates
2017-07-01 09:23:58
  • Multiple Updates
2017-06-30 13:24:09
  • Multiple Updates
2017-06-24 13:23:30
  • Multiple Updates
2017-03-31 13:22:46
  • Multiple Updates
2017-03-11 13:21:08
  • Multiple Updates
2017-03-07 13:24:56
  • Multiple Updates
2017-03-04 13:26:24
  • Multiple Updates
2017-03-02 09:19:54
  • Multiple Updates
2017-02-28 09:22:57
  • Multiple Updates
2017-02-27 12:00:26
  • First insertion