CVE-2008-3432

Published: 10/10/2008 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

Vulnerable Product

vim vim 6.3

vim vim 6.2

Vendor Advisories

Synopsis: Moderate: vim security update

Type/Severity: Security Advisory: Moderate

Topic: Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Desc ...

Exploits

source: www.securityfocus.com/bid/30648/info

Vim is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result ...