Main Vulnerability Database SB2023090140

SB2023090140 - Untrusted search path in Vim

Published: September 1, 2023

Security Bulletin ID SB2023090140

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Untrusted search path (CVE-ID: CVE-2023-4736)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of an untrusted search path when searching for perl, zig, ruby filetype plugins as well as zip and gzip autoload plugins. A remote attacker can trick the victim into downloading specially crafted files and opening one of the downloaded files using the affected software.

Successful exploitation of the vulnerability may lead to remote code execution.

Remediation

Install update from vendor's website.

References

https://github.com/vim/vim/releases/tag/v9.0.1833