An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
{ "vanir_signatures": [ { "id": "CVE-2017-6350-45004407", "signature_type": "Function", "target": { "file": "src/undo.c", "function": "unserialize_uep" }, "deprecated": false, "digest": { "length": 1005.0, "function_hash": "286491319355190101028972904969148719587" }, "signature_version": "v1", "source": "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75" }, { "id": "CVE-2017-6350-a4d6db68", "signature_type": "Line", "target": { "file": "src/version.c" }, "deprecated": false, "digest": { "line_hashes": [ "146200493773228420153804765641940418619", "136613725602200377973631259761223677009", "282512205939074534309079704841984673574", "111386225882856820865261122546594448029" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75" }, { "id": "CVE-2017-6350-cd0bdf47", "signature_type": "Line", "target": { "file": "src/undo.c" }, "deprecated": false, "digest": { "line_hashes": [ "289108561216949500740151287674977158828", "194331739710074178445419108733655364803", "56555780346878005066323392529368040127", "17654039463023166988009170897248578708", "79334838808671219938700096094665296728", "164266566388636007425373668548842938289", "98099726582984529493909519202975347143", "173534883637788049095517056064200278591", "176631206886677703576570526280540820505", "190112476072864408762687844683950551196", "169700040885030606809190026883422222851", "207415418245936541918473735204759619403", "307149350828111327855601206950795001537" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75" } ] }