#VU80227 Untrusted search path in Vim - CVE-2023-4736

Published: September 1, 2023 / Updated: October 4, 2023


Vulnerability identifier: #VU80227
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-4736
CWE-ID: CWE-426
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Vim
Software vendor: Vim.org

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because the affected software uses an untrusted search path when searching for the perl, zig and ruby filetype plugins, as well as the zip and gzip autoload plugins. A remote attacker can trick the victim into downloading specially crafted files and opening one of them with the affected software.

Successful exploitation of the vulnerability may lead to remote code execution.


Remediation

Install updates from the vendor's website.

External links