CVE-2019-12735

Description

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Risk Information

Base Score: 8.6 (MODERATE)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 66.838

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2019-12735 are affected in Vim 8.1.1364 | Windows
Vi IMproved - enhanced vi editor (USN-4016-1) vim_7.4.1689-3ubuntu1.3_i386.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim_7.4.1689-3ubuntu1.3_amd64.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim_8.0.1453-1ubuntu1.1_i386.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim_8.0.1453-1ubuntu1.1_amd64.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim_8.0.1766-1ubuntu1.1_i386.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim_8.0.1766-1ubuntu1.1_amd64.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim_8.1.0320-1ubuntu3.1_i386.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim_8.1.0320-1ubuntu3.1_amd64.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim-gui-common_7.4.1689-3ubuntu1.3_all.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim-gui-common_8.0.1453-1ubuntu1.1_all.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim-gui-common_8.0.1766-1ubuntu1.1_all.deb | Linux
Vi IMproved - enhanced vi editor (USN-4016-1) vim-gui-common_8.1.0320-1ubuntu3.1_all.deb | Linux
heavily refactored vim fork (USN-4016-2) neovim_0.3.1-1ubuntu0.1_i386.deb | Linux
heavily refactored vim fork (USN-4016-2) neovim_0.3.1-1ubuntu0.1_amd64.deb | Linux
heavily refactored vim fork (USN-4016-2) neovim_0.3.4-1ubuntu0.19.04.1_i386.deb | Linux
heavily refactored vim fork (USN-4016-2) neovim_0.3.4-1ubuntu0.19.04.1_amd64.deb | Linux
heavily refactored vim fork (USN-4016-2) neovim-runtime_0.3.1-1ubuntu0.1_all.deb | Linux
heavily refactored vim fork (USN-4016-2) neovim-runtime_0.3.4-1ubuntu0.19.04.1_all.deb | Linux
vim security update (DSA-4467-1) vim_8.0.0197-4+deb9u2_i386.deb | Linux
vim security update (DSA-4467-1) vim_8.0.0197-4+deb9u2_amd64.deb | Linux
SUSE-SU-2019:1456-1 (SUSE Linux Enterprise Desktop 12-SP4) gvim-7.4.326-17.3.1.x86_64.rpm | Linux
SUSE-SU-2019:1456-1 (SUSE Linux Enterprise Desktop 12-SP3) gvim-debuginfo-7.4.326-17.3.1.x86_64.rpm | Linux
SUSE-SU-2019:1456-1 (SUSE Linux Enterprise Desktop 12-SP3) vim-data-7.4.326-17.3.1.noarch.rpm | Linux
SUSE-SU-2019:1456-1 (SUSE Linux Enterprise Desktop 12-SP3) vim-debugsource-7.4.326-17.3.1.x86_64.rpm | Linux
neovim security update (DSA-4487-1) neovim_0.1.7-4+deb9u1_i386.deb | Linux
neovim security update (DSA-4487-1) neovim_0.1.7-4+deb9u1_amd64.deb | Linux
(RHSA-2019:1619) vim security update vim-X11-8.0.1763-11.el8_0.x86_64.rpm | Linux
(RHSA-2019:1619) vim security update vim-common-8.0.1763-11.el8_0.x86_64.rpm | Linux
(RHSA-2019:1619) vim security update vim-debugsource-8.0.1763-11.el8_0.x86_64.rpm | Linux
(RHSA-2019:1619) vim security update vim-enhanced-8.0.1763-11.el8_0.x86_64.rpm | Linux
(RHSA-2019:1619) vim security update vim-filesystem-8.0.1763-11.el8_0.noarch.rpm | Linux
(RHSA-2019:1619) vim security update vim-minimal-8.0.1763-11.el8_0.x86_64.rpm | Linux
Vim-common update (ELSA-2019-1619) vim-common-8.0.1763-11.el8_0.x86_64.rpm | Linux
Vim-enhanced update (ELSA-2019-1619) vim-enhanced-8.0.1763-11.el8_0.x86_64.rpm | Linux
Vim-minimal update (ELSA-2019-1619) vim-minimal-8.0.1763-11.el8_0.x86_64.rpm | Linux
Vim-X11 update (ELSA-2019-1619) vim-X11-8.0.1763-11.el8_0.x86_64.rpm | Linux
Vim-filesystem update (ELSA-2019-1619) vim-filesystem-8.0.1763-11.el8_0.noarch.rpm | Linux
Vim-common update (ELSA-2019-1619) vim-common-7.4.160-6.el7_6.x86_64.rpm | Linux
Vim-enhanced update (ELSA-2019-1619) vim-enhanced-7.4.160-6.el7_6.x86_64.rpm | Linux
Vim-filesystem update (ELSA-2019-1619) vim-filesystem-7.4.160-6.el7_6.x86_64.rpm | Linux
Vim-minimal update (ELSA-2019-1619) vim-minimal-7.4.160-6.el7_6.x86_64.rpm | Linux
Vim-X11 update (ELSA-2019-1619) vim-X11-7.4.160-6.el7_6.x86_64.rpm | Linux
(RHSA-2019:1619) Important: security update vim-X11-debuginfo-8.0.1763-11.el8_0.x86_64.rpm | Linux
(RHSA-2019:1619) Important: security update vim-common-debuginfo-8.0.1763-11.el8_0.x86_64.rpm | Linux
(RHSA-2019:1619) Important: security update vim-debuginfo-7.4.160-6.el7_6.x86_64.rpm | Linux
(RHSA-2019:1619) Important: security update vim-debuginfo-8.0.1763-11.el8_0.x86_64.rpm | Linux
(RHSA-2019:1619) Important: security update vim-enhanced-debuginfo-8.0.1763-11.el8_0.x86_64.rpm | Linux
(RHSA-2019:1619) Important: security update vim-minimal-debuginfo-8.0.1763-11.el8_0.x86_64.rpm | Linux
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2019-12735) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234