[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

[3.4] vim: Lack of validation of values for few options results in code exection (CVE-2016-1248)

ID: oval:org.secpod.oval:def:1800916Date: (C)2018-03-29   (M)2024-02-19
Class: PATCHFamily: unix




A vulnerability was found in Vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is due to lack of validation of values for a few options. Those options" values are then used in Vim"s scripts to build a command string that"s evaluated by :execute, which is what allows the shell commands to be run. Fixed In Version: vim 8.0.0056.

Platform:
Alpine Linux 3.4
Product:
vim
Reference:
6501
CVE-2016-1248
CVE    1
CVE-2016-1248
CPE    2
cpe:/a:vim:vim
cpe:/o:alpinelinux:alpine_linux:3.4

© SecPod Technologies