CVE-2017-11109

Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
vimvim
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bullseye
2:8.2.2434-3+deb11u1
fixed
bookworm
2:9.0.1378-2
fixed
sid
2:9.1.0777-1
fixed
trixie
2:9.1.0777-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vim
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
Fixed 2:7.4.1689-3ubuntu1.4
released
trusty
Fixed 2:7.4.052-1ubuntu3.1+esm1
released
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1468492
https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html
https://usn.ubuntu.com/4309-1/
https://bugzilla.redhat.com/show_bug.cgi?id=1468492
https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html
https://usn.ubuntu.com/4309-1/