Updated: 2023-11-04 20:06:32.340908
Description:
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2023:1695319372 | 2023-10-17 14:11:49 |
CloudLinux 6 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2023:1695319637 | 2023-10-17 14:11:50 |
Oracle Linux 6 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2023:1695319769 | 2023-09-21 17:14:30 |
Ubuntu 16.04 ELS | vim | 7.4.1689-3 | 7.8 | HIGH | Released | CLSA-2023:1695320045 | 2023-09-21 17:14:28 |
Exploiting the vulnerability requires that the PATH environment variable has been manually set to include the current directory ("./"). Such a PATH setting makes the system widely vulnerable and should not be used. To avoid this vulnerability, do not include the current directory in the PATH variable.
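A check for the PATH condition described above, as an added example that is not part of the original advisory; the function name `path_cwd_entries` and the sample PATH strings in its comments are assumptions made for illustration. It goes slightly beyond the "./" case in the text by also flagging empty and relative entries, which are likewise resolved against the current directory during command lookup.

```shell
#!/bin/sh
# Added example: audit a PATH-style string for entries that make command
# lookup search the current working directory.
#
# Constructed sample inputs:
#   /usr/bin:./:/bin        -> entry 2 is the current directory
#   /usr/bin::/bin:         -> entries 2 and 4 are empty (current directory)
#   /usr/local/bin:/usr/bin -> clean

# Print one line per risky entry in the PATH string given as $1
# (defaults to the caller's $PATH). Returns 1 if any were found, else 0.
path_cwd_entries() {
    rest="${1-$PATH}:"       # trailing ':' so the last field is processed too
    pos=0
    found=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"  # text up to the first ':'
        rest="${rest#*:}"    # remainder after the first ':'
        pos=$((pos + 1))
        case "$entry" in
            "")   reason="empty entry (treated as current directory)" ;;
            /*)   continue ;;  # absolute path: not relative to cwd
            .|./) reason="current directory" ;;
            *)    reason="relative path (resolved against current directory)" ;;
        esac
        printf '%s: "%s" %s\n' "$pos" "$entry" "$reason"
        found=1
    done
    return "$found"
}
```

Calling `path_cwd_entries` with no argument audits the PATH of the current shell; a non-zero exit status means at least one entry should be removed or replaced with an absolute path.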