CVE-2017-11109

Published: 08/07/2017 Updated: 03/08/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Vim 8.0 allows malicious users to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.

Vulnerable Product

vim vim 8.0

Vendor Advisories

Debian Bug report logs - #867720: CVE-2017-11109
Package: src:vim; Maintainer for src:vim is Debian Vim Maintainers <team+vim@tracker.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sat, 8 Jul 2017 21:42:02 UTC
Severity: important
Tags: security, upstream
Found in versions vim/2:8.0.0197-4, vim/2 ...

Arch Linux Security Advisory ASA-201707-19
Severity: High
Date: 2017-07-18
CVE-ID: CVE-2017-11109
Package: gvim
Type: arbitrary code execution
Remote: No
Link: security.archlinux.org/AVG-347
Summary: The package gvim before version 8.0.0722-1 is vulnerable to arbitrary co ...

Arch Linux Security Advisory ASA-201707-22
Severity: High
Date: 2017-07-18
CVE-ID: CVE-2017-11109
Package: vim
Type: arbitrary code execution
Remote: No
Link: security.archlinux.org/AVG-347
Summary: The package vim before version 8.0.0722-1 is vulnerable to arbitrary code ...

Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance ...

Oracle Solaris Third Party Bulletin - July 2018
Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...