VDB

DEBIAN-CVE-2017-1000382

DEBIAN-CVE-2017-1000382 PUBLISHED CVSS 5.5 MEDIUM

VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.

Risk Scores

CVSS 3.0
5.5
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:14vim9.2.0218-1, 0, 9.1.1230-2
Debian:13vim*, 2:9.2.0218-1, 2:9.2.0315-1
Debian:12vim2:9.1.0698-1, 2:9.1.0709-1, 2:9.1.0709-2
Debian:11vim0, 8.2.2434-3, 8.2.2434-3

Exploit Intelligence

Timeline

  • Oct 31, 2017 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›