Home > Vulnerability Database > WS-2017-3752

Mend.io Vulnerability Database

WS-2017-3752

Good to know:

Date: December 19, 2017

In vim, v7.0b to v8.0.1408 there is a use of “snprintf()” function without additional validation of input’s length and destination array’s length, that can be risky by nature, and can result buffer overflow by accessing data beyond the boundaries of an array.

Language: C

Severity Score

6.5

Related Resources (2)

Url: https://github.com/vim/vim/commit/132f75255ecea17ff621f71236568c5d8d8e0163

Url: https://www.mend.io/vulnerability-database/WS-2017-3752

Severity Score

6.5

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Top Fix

Upgrade Version

Upgrade to version v8.0.0530

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2017-3752

Good to know:

Date: December 19, 2017

Language: C

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?