CVE-2009-0316VIM vulnerability

6 documents6 sources
Severity
6.9MEDIUMNVD
EPSS
0.2%
top 57.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
VIMDebian VIM
Timeline
PublishedJan 28
Latest updateMay 2

Description

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

debiandebian/vim< vim 2:7.2.025-2 (bookworm)
Debianvim/vim< 2:7.2.025-2+3
NVDvim/vim7.2+20

🔴Vulnerability Details

2
GHSA
GHSA-x433-429v-9473: Untrusted search path vulnerability in src/if_python2022-05-02
OSV
CVE-2009-0316: Untrusted search path vulnerability in src/if_python2009-01-28

📋Vendor Advisories

2
Debian
CVE-2009-0316: vim - Untrusted search path vulnerability in src/if_python.c in the Python interface i...2009
Red Hat
vim: untrusted python modules search path2008-08-06

💬Community

1
Bugzilla
CVE-2009-0316 vim: untrusted python modules search path2009-01-26