CVE-2019-12735

CVSS: NONE · EPSS: 97.0%
Published: Jun 5, 2019 (7 years ago) · Modified: Jun 17, 2026 (2 weeks ago)

Description

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Threat Intelligence

EPSS exploit probability: 97.0% percentile
Exploit and patch status: Public Exploit Known; Patch Available

Weaknesses (1)

CWE-78 OS Command Injection (category: Injection)

Affected Products (2)

Vendor    Product   Version   Range
vim       vim       *         <8.1.1365
neovim    neovim    *         <0.3.6

References (32)

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.html
  • securityfocus.com http://www.securityfocus.com/bid/108724
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:1619
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:1774
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:1793
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:1947
  • bugs.debian.org https://bugs.debian.org/930020
    Mailing List, Third Party Advisory
  • bugs.debian.org https://bugs.debian.org/930024
    Mailing List, Third Party Advisory
  • github.com https://github.com/neovim/neovim/pull/10082
    Patch, Third Party Advisory
  • github.com https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
    Exploit, Patch, Third Party Advisory
  • github.com https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
    Patch, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2019/08/msg00003.html
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/
  • lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/
  • seclists.org https://seclists.org/bugtraq/2019/Jul/39
  • seclists.org https://seclists.org/bugtraq/2019/Jun/33
  • security.gentoo.org https://security.gentoo.org/glsa/202003-04
  • support.f5.com https://support.f5.com/csp/article/K93144355
  • support.f5.com https://support.f5.com/csp/article/K93144355?utm_source=f5support&amp%3Butm_medium=RSS
  • support.f5.com https://support.f5.com/csp/article/K93144355?utm_source=f5support&amp;utm_medium=RSS
  • usn.ubuntu.com https://usn.ubuntu.com/4016-1/
  • usn.ubuntu.com https://usn.ubuntu.com/4016-2/
  • debian.org https://www.debian.org/security/2019/dsa-4467
  • debian.org https://www.debian.org/security/2019/dsa-4487
  • exploit-db.com https://www.exploit-db.com/exploits/46973

Remediation

  • github.com https://github.com/neovim/neovim/pull/10082
    Patch, Third Party Advisory
  • github.com https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
    Exploit, Patch, Third Party Advisory
  • github.com https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
    Patch, Third Party Advisory