[vuxml] editors/vim: document CVE-2008-3432

Eygene Ryabinkin rea-fbsd at codelabs.ru
Sun Nov 30 08:30:54 PST 2008

>Submitter-Id:	current-users
>Originator:	Eygene Ryabinkin
>Organization:	Code Labs
>Confidential:	no 
>Synopsis:	[vuxml] editors/vim: document CVE-2008-3432
>Severity:	non-critical
>Priority:	medium
>Category:	ports
>Class:		sw-bug
>Release:	FreeBSD 7.0-STABLE amd64

System: FreeBSD 7.0-STABLE amd64


There is CVE-2008-3432 that addresses the heap-based buffer overflow in
vim 6.2 and 6.3.  While these are rather dated, someone might still be
using them.




The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
  <vuln vid="">
    <topic>vim -- heap-based overflow while parsing shell metacharacters</topic>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Description for CVE-2008-3432 says:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432">
	<p>Heap-based buffer overflow in the mch_expand_wildcards
	function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted
	attackers to execute arbitrary code via shell metacharacters
	in filenames, as demonstrated by the netrw.v3 test case.</p>
--- vuln.xml ends here ---

More information about the freebsd-vuxml mailing list