[3.6] vim: Tree length values not validated properly when handling a spell file (CVE-2017-5953)
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5953
Patch:
https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
(from redmine: issue id 6862, created on 2017-02-15, closed on 2017-02-16)
- Relations:
- parent #6861 (closed)
- Changesets:
- Revision 4a62fb6e by Sergei Lukin on 2017-02-16T07:14:36Z:
main/vim: security upgrade to 8.0.0329 - fixes #6862
CVE-2017-5953: Tree length values not validated properly when handling a spell file
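
The bug class described above, as an added example that is not vim's code or the upstream patch: a length field read from a file is multiplied by an element size before allocation, and the product wraps unless the field is validated first. All function names, status codes and sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical status codes for this example. */
enum { LEN_OK = 0, LEN_TRUNCATED = -1, LEN_INVALID = -2 };

/* Decode a 4-byte big-endian length field. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked: byte count computed in 32-bit arithmetic wraps modulo 2^32. */
static uint32_t unchecked_alloc_bytes(uint32_t count)
{
    return count * (uint32_t)sizeof(int32_t);
}

/* Checked: validate the field before any arithmetic is done with it.
 * `avail` is the number of bytes left in the input, including the field. */
static int checked_alloc_bytes(const unsigned char *p, size_t avail, size_t *out)
{
    uint32_t count;

    if (avail < 4)
        return LEN_TRUNCATED;
    count = be32(p);
    /* Reject counts whose byte size would not fit in a signed 32-bit int. */
    if (count > (uint32_t)INT32_MAX / sizeof(int32_t))
        return LEN_INVALID;
    /* Example assumption: each element takes at least one byte on disk,
     * so a count larger than the remaining input cannot be genuine. */
    if (count > avail - 4)
        return LEN_INVALID;
    *out = (size_t)count * sizeof(int32_t);
    return LEN_OK;
}

int main(void)
{
    const unsigned char field[] = { 0x40, 0x00, 0x00, 0x01 }; /* constructed */
    size_t bytes = 0;
    printf("unchecked: %u bytes for %u elements\n",
           (unsigned)unchecked_alloc_bytes(be32(field)), (unsigned)be32(field));
    printf("checked: status %d\n", checked_alloc_bytes(field, sizeof field, &bytes));
    return 0;
}
```

With the unchecked computation, the allocation is far smaller than the number of elements the reader will later write into it, which is how the overflow at the allocation site becomes a buffer overflow.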