CVE-2008-3074 — OS Command Injection in VIM

CWE-78 — OS Command Injection CWE-94 — Code Injection12 documents6 sources

Severity

9.3CRITICALNVD

EPSS

2.7%

top 14.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Debian VIM VIM Tar.vim +1 more

Timeline

PublishedFeb 21

Latest updateMay 1

Description

The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because o…

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

▶NVDvim/zipplugin.vim11 versions+10

▶debiandebian/vim< vim 2:7.2.010-1 (bookworm)

▶Debianvim/vim< 2:7.2.010-1+3

▶NVDvim/vim6 versions+5

▶NVDvim/tar.vim13 versions+12

Patches

Patch: www.openwall.com ↗Patch: www.rdancer.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-rj5h-39v8-hch3: The shellescape function in Vim 7↗2022-05-01

▶

GHSA

GHSA-wqmg-q854-x6x6: The shellescape function in Vim 7↗2022-05-01

▶

OSV

CVE-2008-3074: The shellescape function in Vim 7↗2009-02-21

▶

OSV

CVE-2008-3075: The shellescape function in Vim 7↗2009-02-21

▶

📋Vendor Advisories

Red Hat

plugin: improper Implementation of shellescape() (arbitrary code execution)↗2008-07-15

▶

Red Hat

plugin: improper Implementation of shellescape() (arbitrary code execution)↗2008-07-15

▶

Debian

CVE-2008-3074: vim - The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-...↗2008

▶

Debian

CVE-2008-3075: vim - The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-...↗2008

▶

💬Community

Bugzilla

CVE-2008-3075 Vim zip.vim plugin: improper Implementation of shellescape() (arbitrary code execution)↗2008-10-17

▶

Bugzilla

CVE-2008-3074 Vim tar.vim plugin: improper Implementation of shellescape() (arbitrary code execution)↗2008-10-17

▶