ALPINE-CVE-2017-5953

ALPINE-CVE-2017-5953 PUBLISHED CVSS 9.800000190734863 CRITICAL

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

Risk Scores

CVSS 3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.22	vim	0, 7.2.411-r0, 7.3-r0
Alpine:v3.12	vim	8.0.0187-r0, 0, 7.2.284-r0
Alpine:v3.10	vim	0, 8.0.0187-r0, 8.0.0178-r0
Alpine:v3.13	vim	0, 7.2.284-r0, 7.2.394-r0
Alpine:v3.19	vim	7.4.943-r0, 0, 8.0.0187-r0
Alpine:v3.20	vim	7.3.661-r0, 7.3.659-r0, 7.3.600-r0
Alpine:v3.2	vim	7.4.712-r1, 0, 7.2.284-r0
Alpine:v3.17	vim	8.0.0008-r0, 8.0.0003-r0, 7.4.943-r2
Alpine:v3.4	vim	7.3.434-r0, 7.2.284-r0, 7.2.394-r1
Alpine:v3.8	vim	8.0.0027-r0, 0, 8.0.0187-r0
Alpine:v3.14	vim	7.4.1225-r0, 7.2.284-r0, 7.2.394-r1
Alpine:v3.21	vim	7.4-r1, 7.4-r2, 7.4.1225-r0
Alpine:v3.11	vim	7.3.266-r0, 8.0.0008-r0, 7.3.112-r1
Alpine:v3.9	vim	8.0.0056-r0, 7.4-r2, 7.3.661-r0
Alpine:v3.16	vim	8.0.0178-r0, 0, 8.0.0187-r0
Alpine:v3.3	vim	7.2.411-r0, 7.2.394-r0, 0
Alpine:v3.15	vim	7.2.411-r0, 0, 7.2.284-r0
Alpine:v3.5	vim	7.4.2028-r0, 7.4.1831-r1, 7.4.1831-r0
Alpine:v3.18	vim	7.4.943-r2, 7.3.266-r0, 7.3.206-r1
Alpine:v3.7	vim	7.4.1831-r0, 7.2.394-r0, 7.2.394-r1

…and 2 more

Exploit Intelligence

glcve_test.go (github-poc)

Timeline

Feb 10, 2017 CVE Published
Apr 30, 2026 Distribution Patch
Jun 15, 2026 CVE Updated

References

https://security.alpinelinux.org/vuln/CVE-2017-5953 advisory

Open in Interactive Console →