[VIM] Hyper Estraier

security curmudgeon jericho at attrition.org
Fri Jul 21 18:38:47 EDT 2006

Secunia (21049) & CVE (2006-3671) reported a CSRF vuln in Hyper Estraier. 
Information came from the following changelog:


2006-07-13  Mikio Hirabayashi  <mikio at users.sourceforge.net>
* estmaster.c (communicate): a CSRF vulnerability was cleared.


However, a few more entries stand out:

   * estmaster.c (sendnodecmdsearch): a bug of race condition was fixed.

   * estnode.c (est_get_host_addr): a bug about race confition of threads
     was fixed.

   * estnode.c (est_url_shuttle_impl): a bug of memory leak was fixed.

   * estraier.c (est_idx_size): a bug about overflow was fixed.

The two race conditions are too vague for creating an entry solely off the 
above text in my opinion. "memory leak" is always iffy as it could be 
anything from a slow exhaustion of resources to disclosure of information. 
But typically an overflow is worth pointing out.

More information about the VIM mailing list