Your submission was sent successfully! Close

CVE-2019-12735

Published: 5 June 2019

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

From the Ubuntu security team

It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Notes

AuthorNote
leosilva
neither precise/esm or trusty/esm seems to be
affected. The POC was not reproducible in these
releases
Priority

Medium

CVSS 3 base score: 8.6

Status

Package Release Status
neovim
Launchpad, Ubuntu, Debian
bionic Needed

cosmic
Released (0.3.1-1ubuntu0.1)
disco
Released (0.3.4-1ubuntu0.19.04.1)
eoan Not vulnerable
(0.3.4-2)
focal Not vulnerable
(0.3.4-2)
groovy Not vulnerable
(0.3.4-2)
hirsute Not vulnerable
(0.3.4-2)
impish Not vulnerable
(0.3.4-2)
jammy Not vulnerable
(0.3.4-2)
precise Does not exist

trusty Does not exist

upstream
Released (0.3.6)
xenial Does not exist

vim
Launchpad, Ubuntu, Debian
bionic
Released (2:8.0.1453-1ubuntu1.1)
cosmic
Released (2:8.0.1766-1ubuntu1.1)
disco
Released (2:8.1.0320-1ubuntu3.1)
eoan
Released (2:8.1.0875-4ubuntu1)
focal
Released (2:8.1.0875-4ubuntu1)
groovy
Released (2:8.1.0875-4ubuntu1)
hirsute
Released (2:8.1.0875-4ubuntu1)
impish
Released (2:8.1.0875-4ubuntu1)
jammy
Released (2:8.1.0875-4ubuntu1)
precise Not vulnerable

trusty Not vulnerable

upstream
Released (8.1.1365)
xenial
Released (2:7.4.1689-3ubuntu1.3)