CVE-2005-2368
published 2005-07-26
Priority P337 · critical · 9.3 (CVSS 2.0) · AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 2.73% (84.2th percentile)
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vim | < vim 1:6.3-085+1 (bookworm) | vim 1:6.3-085+1 (bookworm) |
| vim | vim | >= 0 < 1:6.3-085+1 | 1:6.3-085+1 |
| vim | vim | >= 0 < 1:6.3-085+1 | 1:6.3-085+1 |
| vim | vim | >= 0 < 1:6.3-085+1 | 1:6.3-085+1 |
| vim | vim | >= 0 < 1:6.3-085+1 | 1:6.3-085+1 |
| vim_development_group | vim | — | — |
| vim_development_group | vim | — | — |
| vim_development_group | vim | — | — |
| vim_development_group | vim | — | — |
| vim_development_group | vim | — | — |
| vim_development_group | vim | — | — |
CVSS provenance
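| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | MEDIUM | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |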
GHSA
GHSA-w427-f3fp-6x6x: vim 6
ghsa_unreviewed·2022-05-01
CVE-2005-2368 [HIGH] CWE-78 GHSA-w427-f3fp-6x6x: vim 6
OSV
CVE-2005-2368: vim 6
osv·2005-07-26·CVSS 9.3
CVE-2005-2368 [CRITICAL] CVE-2005-2368: vim 6
Red Hat
security flaw
vendor_redhat·2005-07-25·CVSS 9.3
CVE-2005-2368 [CRITICAL] security flaw
Debian
CVE-2005-2368: vim - vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted at...
vendor_debian·2005·CVSS 9.3
CVE-2005-2368 [CRITICAL] CVE-2005-2368: vim - vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted at...
Scope: local
bookworm: resolved (fixed in 1:6.3-085+1)
bullseye: resolved (fixed in 1:6.3-085+1)
forky: resolved (fixed in 1:6.3-085+1)
sid: resolved (fixed in 1:6.3-085+1)
trixie: resolved (fixed in 1:6.3-085+1)
No detection rules found.
No public exploits indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035402.html
http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html
http://www.redhat.com/support/errata/RHSA-2005-745.html
http://www.securityfocus.com/bid/14374
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11302
Published 2005-07-26