A vulnerability, which was classified as critical, has been found in Vim and Neovim (Word Processing Software). Affected by this issue is an unknown code of the file getchar.c of the component Modeline. The manipulation with an unknown input leads to a os command injection vulnerability. Using CWE to declare the problem leads to CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability. CVE summarizes:

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

The weakness was presented 06/05/2019 (Website). The advisory is shared for download at securityfocus.com. This vulnerability is handled as CVE-2019-12735 since 06/05/2019. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1202.

The commercial vulnerability scanner Qualys is able to test this issue with plugin 197491 (Ubuntu Security Notification for Vim Vulnerabilities (USN-4016-1)).

Upgrading to version 8.1.1365 eliminates this vulnerability.

See 96800 for similar entry.

Productinfo

Type

• Word Processing Software

Name

• Neovim
• Vim

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion