Unrated severityNVD Advisory· Published Oct 10, 2008· Updated Apr 23, 2026
CVE-2008-3432
CVE-2008-3432
Description
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
22- lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/31681nvdPatch
- secunia.com/advisories/32222nvdVendor Advisory
- support.apple.com/kb/HT3216nvdVendor Advisory
- ftp.vim.org/pub/vim/patches/6.2.429nvd
- ftp.vim.org/pub/vim/patches/6.3/6.3.059nvd
- secunia.com/advisories/32858nvd
- secunia.com/advisories/33410nvd
- support.avaya.com/elmodocs2/security/ASA-2009-001.htmnvd
- www.openwall.com/lists/oss-security/2008/07/15/4nvd
- www.openwall.com/lists/oss-security/2008/08/01/1nvd
- www.redhat.com/support/errata/RHSA-2008-0617.htmlnvd
- www.securityfocus.com/archive/1/502322/100/0/threadednvd
- www.securityfocus.com/bid/30648nvd
- www.vmware.com/security/advisories/VMSA-2009-0004.htmlnvd
- www.vupen.com/english/advisories/2008/2780nvd
- www.vupen.com/english/advisories/2009/0033nvd
- www.vupen.com/english/advisories/2009/0904nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/44722nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11203nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5987nvd
News mentions
0No linked articles in our index yet.