CVE-2019-12735
published 2019-06-05CVE-2019-12735: getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as…
PriorityP267high8.6CVSS 3.0
AVLACLPRNUIRSCCHIHAH
EXPLOIT
EPSS
19.11%
97.0th percentile
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | neovim | < neovim 0.3.4-3 (bookworm) | neovim 0.3.4-3 (bookworm) |
| debian | vim | < neovim 0.3.4-3 (bookworm) | neovim 0.3.4-3 (bookworm) |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_vim_8.1.0388-7_on_cbl_mariner_1.0 | — | — |
| neovim | neovim | < 0.3.6 | 0.3.6 |
| neovim | neovim | >= 0 < 0.3.4-3 | 0.3.4-3 |
| neovim | neovim | >= 0 < 0.3.4-3 | 0.3.4-3 |
| neovim | neovim | >= 0 < 0.3.4-3 | 0.3.4-3 |
| neovim | neovim | >= 0 < 0.3.4-3 | 0.3.4-3 |
| paloalto | pan-os | — | — |
| vim | vim | < 8.1.1365 | 8.1.1365 |
| vim | vim | >= 0 < 2:8.1.0875-4 | 2:8.1.0875-4 |
| vim | vim | >= 0 < 2:8.1.0875-4 | 2:8.1.0875-4 |
| vim | vim | >= 0 < 2:8.1.0875-4 | 2:8.1.0875-4 |
| vim | vim | >= 0 < 2:8.1.0875-4 | 2:8.1.0875-4 |
| vim | vim | >= 0 < 2:7.4.1689-3ubuntu1.3 | 2:7.4.1689-3ubuntu1.3 |
| vim | vim | >= 0 < 2:8.0.1453-1ubuntu1.1 | 2:8.0.1453-1ubuntu1.1 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect modeline strings containing 'source!' (with bang) combined with fold expression options (fdm=expr, fde=) — this is the core exploit pattern bypassing the Vim sandbox. ↗
- →Flag files containing modelines with 'fdm=expr' and 'fde=' set to functions like assert_fails(), execute(), or nvim_input() — these are the known sandbox-escape vectors. ↗
- →Detect terminal escape sequences (\x1b[?7l, \x1bS) at the start of files used to hide malicious modelines from 'cat' output — a concealment technique used in the reverse shell PoC. ↗
- →Monitor for 'nohup nc ... -e /bin/sh' process spawned as a child of vim or nvim processes, indicating successful reverse shell execution via this CVE. ↗
- →The vulnerability requires modeline to be enabled; check for absence of 'set nomodeline' in vimrc. Modeline is enabled by default for non-root users. ↗
- →For Neovim specifically, also look for nvim_input() in modelines as an alternative sandbox-escape function (execute() is blacklisted in Neovim sandbox but nvim_input() is not). ↗
- ·Exploit only triggers if the 'modeline' option is enabled in Vim/Neovim. By default, modeline is DISABLED when running as root, reducing risk for privileged sessions. ↗
- ·RHEL 5, 6, and 7 default installations did not include assert_fails() at time of disclosure, making part 3 of the exploit chain absent; RHEL 8 does contain assert_fails(). ↗
- ·Disabling modelineexpr (Vim-only, since patch 8.1.1366) prevents expressions in modelines as an additional mitigation beyond patching. ↗
CVSS provenance
nvdv3.08.6HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian8.6HIGH
vendor_msrc8.6HIGH
vendor_redhat8.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5x93-92vm-jw5m: getchar
ghsa_unreviewed·2022-05-24
CVE-2019-12735 [HIGH] CWE-78 GHSA-5x93-92vm-jw5m: getchar
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
OSV
vim vulnerabilities
osv·2019-06-11·CVSS 9.8
CVE-2017-5953 [CRITICAL] vim vulnerabilities
vim vulnerabilities
It was discovered that Vim incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953)
It was discovered that Vim incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12735)
OSV
CVE-2019-12735: getchar
osv·2019-06-05·CVSS 8.6
CVE-2019-12735 [HIGH] CVE-2019-12735: getchar
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Ubuntu
Neovim vulnerability
vendor_ubuntu·2021-03-15
CVE-2019-12735 Neovim vulnerability
Title: Neovim vulnerability
Summary: Neovim could be made to crash or run programs if it opened a
specially crafted file.
It was discovered that Neovim incorrectly handled certain files. An attacker
could possibly use this issue to cause a denial of service or execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Palo Alto
PAN
vendor_paloalto·2020-04-08·CVSS 6.7
CVE-2019-0139 [MEDIUM] PAN
PAN
Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have a security impact on Palo Alto Networks Products, or the scenarios required for successful
CVEs: CVE-2019-0139, CVE-2019-0140, CVE-2019-0142, CVE-2019-0143, CVE-2019-0144, CVE-2019-0145, CVE-2019-0146, CVE-2019-0147, CVE-2019-0148, CVE-2019-0149, CVE-2019-0150, CVE-2019-11168, CVE-2019-11170, CVE-2019-11171, CVE-2019-11172, CVE-2019-11173, CVE-2019-11174, CVE-2019-11175, CVE-2019-11177, CVE-2019-11178, CVE-2019-11179, CVE-2019-11180, CVE-2019-11181, CVE-2019-11182, CVE-2019-12735, CVE-2019-16905, CVE-2020-0561, CVE-2020-0562, CVE-2020-0563, CVE-2020-0564
Affected products: PAN-OS
Microsoft
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline as demonstrated by execute in Vim and assert_fa
vendor_msrc·2019-06-11·CVSS 8.6
CVE-2019-12735 [HIGH] CWE-78 getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline as demonstrated by execute in Vim and assert_fa
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline as demonstrated by execute in Vim and assert_fails or nvim_input in Neovim.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is id
Ubuntu
Vim vulnerabilities
vendor_ubuntu·2019-06-11·CVSS 9.8
CVE-2017-5953 [CRITICAL] Vim vulnerabilities
Title: Vim vulnerabilities
Summary: Several security issues were fixed in Vim.
It was discovered that Vim incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953)
It was discovered that Vim incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12735)
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Neovim vulnerability
vendor_ubuntu·2019-06-11·CVSS 8.6
CVE-2019-12735 [HIGH] Neovim vulnerability
Title: Neovim vulnerability
Summary: Neovim could be made to run programs as your login if it
opened a specially crafted file.
It was discovered that Neovim incorrectly handled certain files. An attacker
could possibly use this issue to execute arbitrary code. (CVE-2019-12735)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
vim/neovim: ': source!' command allows arbitrary command execution via modelines
vendor_redhat·2019-06-05·CVSS 8.6
CVE-2019-12735 [HIGH] CWE-94 vim/neovim: ': source!' command allows arbitrary command execution via modelines
vim/neovim: ': source!' command allows arbitrary command execution via modelines
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution.
Statement: To be successfully and automatically triggered when a specially crafted file is opened, this vulnerability requires 3 parts :
1) The `source!` command inability to check if it is running in sandbox mode (the fix commit prevents this)
2) The `modeline` to be enabled (
Debian
CVE-2019-12735: neovim - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers...
vendor_debian·2019·CVSS 8.6
CVE-2019-12735 [HIGH] CVE-2019-12735: neovim - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers...
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Scope: local
bookworm: resolved (fixed in 0.3.4-3)
bullseye: resolved (fixed in 0.3.4-3)
forky: resolved (fixed in 0.3.4-3)
sid: resolved (fixed in 0.3.4-3)
trixie: resolved (fixed in 0.3.4-3)
No detection rules found.
Bugzilla
CVE-2019-12735 vim/neovim: ':source!' command allows arbitrary command execution via modelines
bugzilla·2019-06-07·CVSS 8.6
CVE-2019-12735 [HIGH] CVE-2019-12735 vim/neovim: ':source!' command allows arbitrary command execution via modelines
CVE-2019-12735 vim/neovim: ':source!' command allows arbitrary command execution via modelines
Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the `:source!` command when executed in a sandbox.
This allows remote attackers to take advantage of the modeline feature to inject arbitrary commands when a specially crafted file is opened.
References:
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
Upstream commits:
* vim: https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
* neovim: https://github.com/neovim/neovim/pull/10082/commits/5e611f32841e746932fbcbea292ca502ed9e694b
Discussion:
Created vim tracking bugs for this issue:
Affects: fedora-all [bug 1718312]
---
Created neovim tracking bugs for this issue:
Affects:
Bugzilla
CVE-2019-12735 neovim: vim/neovim: the :source! command allows arbitrary command execution via the modeline [fedora-all]
bugzilla·2019-06-07·CVSS 8.6
CVE-2019-12735 [HIGH] CVE-2019-12735 neovim: vim/neovim: the :source! command allows arbitrary command execution via the modeline [fedora-all]
CVE-2019-12735 neovim: vim/neovim: the :source! command allows arbitrary command execution via the modeline [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: thi
Bugzilla
CVE-2019-12735 neovim: vim/neovim: the :source! command allows arbitrary command execution via the modeline [epel-7]
bugzilla·2019-06-07·CVSS 8.6
CVE-2019-12735 [HIGH] CVE-2019-12735 neovim: vim/neovim: the :source! command allows arbitrary command execution via the modeline [epel-7]
CVE-2019-12735 neovim: vim/neovim: the :source! command allows arbitrary command execution via the modeline [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use
Bugzilla
CVE-2019-12735 neovim: vim/neovim: arbitrary command execution in getchar.c [fedora-all]
bugzilla·2019-06-07·CVSS 8.6
CVE-2019-12735 [HIGH] CVE-2019-12735 neovim: vim/neovim: arbitrary command execution in getchar.c [fedora-all]
CVE-2019-12735 neovim: vim/neovim: arbitrary command execution in getchar.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple support
Bugzilla
CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [fedora-all]
bugzilla·2019-06-07·CVSS 8.6
CVE-2019-12735 [HIGH] CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [fedora-all]
CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
arxiv_fulltext·2024-07-31
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Raveen Kanishka Jayalath*
University of Adelaide, Australia
[email protected]
Hussain Ahmad* *Authors contributed equally to this work. Corresponding author.
University of Adelaide, Australia
[email protected]
Diksha Goel
CSIRO's Data61, Australia
[email protected]
3cmMuhammad Shuja Syed
3cmSLB, USA
[email protected]
Faheem Ullah
University of Adelaide, Australia
[email protected]
plain
## Abstract
Microservice architectures are revolutionizing both small businesses and large corporations, igniting a new era of innovation with their exceptional advantages in maintainability, reusability, and scalability. However, these benefits come w
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.htmlhttp://www.securityfocus.com/bid/108724https://access.redhat.com/errata/RHSA-2019:1619https://access.redhat.com/errata/RHSA-2019:1774https://access.redhat.com/errata/RHSA-2019:1793https://access.redhat.com/errata/RHSA-2019:1947https://bugs.debian.org/930020https://bugs.debian.org/930024https://github.com/neovim/neovim/pull/10082https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.mdhttps://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040https://lists.debian.org/debian-lts-announce/2019/08/msg00003.htmlhttps://lists.fedoraproject.org/archives/list/[email protected]/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/https://lists.fedoraproject.org/archives/list/[email protected]/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/https://seclists.org/bugtraq/2019/Jul/39https://seclists.org/bugtraq/2019/Jun/33https://security.gentoo.org/glsa/202003-04https://support.f5.com/csp/article/K93144355https://support.f5.com/csp/article/K93144355?utm_source=f5support&utm_medium=RSShttps://usn.ubuntu.com/4016-1/https://usn.ubuntu.com/4016-2/https://www.debian.org/security/2019/dsa-4467https://www.debian.org/security/2019/dsa-4487https://www.exploit-db.com/exploits/46973http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00036.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00050.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00075.htmlhttp://www.securityfocus.com/bid/108724https://access.redhat.com/errata/RHSA-2019:1619https://access.redhat.com/errata/RHSA-2019:1774https://access.redhat.com/errata/RHSA-2019:1793https://access.redhat.com/errata/RHSA-2019:1947https://bugs.debian.org/930020https://bugs.debian.org/930024https://github.com/neovim/neovim/pull/10082https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.mdhttps://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040https://lists.debian.org/debian-lts-announce/2019/08/msg00003.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRIRBC2YRGKPAWVRMZS4SZTGGCVRVZPR/https://seclists.org/bugtraq/2019/Jul/39https://seclists.org/bugtraq/2019/Jun/33https://security.gentoo.org/glsa/202003-04https://support.f5.com/csp/article/K93144355https://support.f5.com/csp/article/K93144355?utm_source=f5support&%3Butm_medium=RSShttps://usn.ubuntu.com/4016-1/https://usn.ubuntu.com/4016-2/https://www.debian.org/security/2019/dsa-4467https://www.debian.org/security/2019/dsa-4487
2019-06-05
Published