We found results for “”
WS-2016-7084
Good to know:
Date: July 17, 2016
In vim, v7.4.2049 to v7.4.2063 there is buffer overflow vulnerability that occurs due to the use of “STRCAT()”, that is considered to be less secure than “vim_strcat()”. Also, there aren’t any additional validations in order to bridge the gap of the insecure function.
Language: C
Severity Score
Severity Score
Weakness Type (CWE)
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-120Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | ADJACENT_NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | HIGH |