Thursday, September 28, 2017

VIM and NVD Vulnerability

Greetings;

The National Vulnerability Database (NVD) lists a high vulnerability for VIM 8.0. https://nvd.nist.gov/vuln/detail/CVE-2017-11109
Vim 8.0 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted source (aka -S) file.
NOTE: there might be a limited number of scenarios in which this has security relevance.


Unfortunately, the info provided in the CVE does not specify if it is only the initial release 8.0 or the subsequent patched versions that are vulnerable. I have searched the VIM website readme and other documents but can't find the answer, so I am turning to you. I appreciate your assistance. Is the current version still vulnerable to the issue noted above or has this been remediated in the patch updates?

Best regards,
Susanne Ramsey

