CVE-2007-2438 — VIM vulnerability

8 documents7 sources

Severity

7.6HIGHNVD

EPSS

3.5%

top 12.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Debian VIM VIM Development Group VIM

Timeline

PublishedMay 2

Latest updateMay 1

Description

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/vim< vim 1:7.1-022+1 (bookworm)

▶Debianvim/vim< 1:7.1-022+1+3

▶NVDvim_development_group/vim7.0

🔴Vulnerability Details

GHSA

GHSA-x2f5-352x-j9w7: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execu↗2022-05-01

▶

OSV

CVE-2007-2438: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execu↗2007-05-02

▶

📋Vendor Advisories

Ubuntu

vim vulnerability↗2007-05-23

▶

Red Hat

vim-7 modeline security issue↗2007-04-26

▶

Debian

CVE-2007-2438: vim - The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedke...↗2007

▶

💬Community

Bugzilla

CVE-2007-2438 vim-7 modeline security issue↗2007-05-02

▶

Bugzilla

CVE-2007-2438 vim-7 modeline security issue↗2007-04-28

▶