SB20260529235 - openEuler 24.03 LTS SP1 update for vim
Published: May 29, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 vulnerabilities.
1) OS Command Injection (CVE-ID: CVE-2026-42307)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary shell commands.
The vulnerability exists due to improper neutralization of special elements used in an OS command in the netrw standard plugin function s:GetTempfile() when processing crafted local or remote URLs. A remote attacker can trick the victim into opening a crafted URL to execute arbitrary shell commands.
User interaction is required to open a crafted URL, and the injected payload is typically visible in the filename.
2) OS Command Injection (CVE-ID: CVE-2026-44656)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary shell commands.
The vulnerability exists due to command injection in the :find command-line completion path when processing a file with a modeline that sets the 'path' option to include backtick-enclosed shell commands and the user triggers file name completion. A remote attacker can supply a crafted file to execute arbitrary shell commands.
User interaction is required to open the crafted file and trigger completion, and exploitation via modeline requires the 'modeline' feature to be enabled.
3) Heap-based buffer overflow (CVE-ID: CVE-2026-45130)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to heap-based buffer overflow in read_compound() in src/spellfile.c when loading a crafted .spl spell file with UTF-8 encoding active. A remote attacker can trick the victim into opening a text file with a crafted modeline or otherwise cause Vim to load a planted spell file to cause a denial of service.
User interaction is required, and exploitation requires a malicious .spl file to be present on the runtimepath while UTF-8 encoding is active.
4) OS Command Injection (CVE-ID: CVE-2026-46483)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to execute arbitrary shell commands.
The vulnerability exists due to improper neutralization of special elements in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives via :Vimuntar on Unix-like systems. A remote attacker can supply a crafted archive filename to execute arbitrary shell commands.
User interaction is required to open the crafted file and invoke the non-routine :Vimuntar command, and only Unix-like systems with the tar plugin enabled are vulnerable.
Remediation
Install update from vendor's website.