WS-2017-3752
Date: December 19, 2017
In vim, v7.0b to v8.0.1408, the “snprintf()” function is used without additional validation of the input’s length and the destination array’s length. This is risky by nature and can result in a buffer overflow by accessing data beyond the boundaries of an array.
Language: C
Severity Score
Weakness Type (CWE)
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-120
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | ADJACENT_NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | HIGH |