Skip to main content

Vim CVE-2017-1000382

MEDIUM
Information Exposure (CWE-200)
2017-10-31 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 31, 2017 - 20:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.

AnalysisAI

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. Affected products include: Vim. Version information: version 8.0.1187.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Vim

View all
CVE-2022-3520 CRITICAL POC
9.8 Dec 02

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. Rated critical severity (CVSS 9.8), this vuln

CVE-2022-0729 HIGH POC
8.8 Feb 23

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. Rated high severity (CVSS 8.8), this

CVE-2026-34714 HIGH POC
8.6 Mar 30

{expr} payload embedded in a modeline to be evaluated even when the protective 'modelineexpr' setting is off (the defaul

CVE-2019-12735 HIGH POC
8.6 Jun 05

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via th

CVE-2021-3968 HIGH POC
8.0 Nov 19

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 8.0), this vulnerability is remotely exploita

CVE-2023-4735 HIGH POC
7.8 Sep 02

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. Rated high severity (CVSS 7.8), this vulnerability i

CVE-2023-4781 HIGH POC
7.8 Sep 05

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Rated high severity (CVSS 7.8), this vulnerab

CVE-2023-4734 HIGH POC
7.8 Sep 02

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Rated high severity (CVSS 7.8), this vuln

CVE-2023-4733 HIGH POC
7.8 Sep 04

Use After Free in GitHub repository vim/vim prior to 9.0.1840. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2023-4750 HIGH POC
7.8 Sep 04

Use After Free in GitHub repository vim/vim prior to 9.0.1857. Rated high severity (CVSS 7.8), this vulnerability is no

CVE-2023-4736 HIGH POC
7.8 Sep 02

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. Rated high severity (CVSS 7.8), this vulnerability

CVE-2023-2610 HIGH POC
7.8 May 09

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Rated high severity (CVSS 7.8), this vuln

Share

CVE-2017-1000382 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy