A remote attacker could exploit this flaw to execute arbitrary code with elevated privileges. This update fixes the following issue: - In a vulnerable configuration, when opening a remote malicious repository, it was possible for an attacker to cause the get_one_sourceline() function to crash, resulting in a denial of service. In addition, this update fixes the following non-security issues: - When closing a tab, it was possible for the function get_vim_one_window_nr() to crash. - When deleting a tab, it was possible for the function get_vim_one_window_nr() to crash. - When closing a window, it was possible for the function get_vim_one_window_nr() to crash. - When switching branches, it was possible for the function get_vim_one_window_nr() to crash. - When switching from one branch to another, it was possible for the function get_vim_one_window_nr() to crash. - When deleting a file, it was possible for the function get_vim_one_window_nr() to crash. - When closing a window, it was possible for the function get_vim_one_window_nr() to crash. - When switching branches, it was possible for the function get_vim_one_window_nr() to crash. - When switching from one branch to another, it was possible for the function get_vim_one_window_nr

Non-security issues fixed:

- When closing a tab, it was possible for the function get_vim_one_window_nr() to crash. - When deleting a tab, it was possible for the function get_vim_one_window_nr() to crash. - When closing a window, it was possible for the function get_vim_one_window_nr() to crash. - When switching branches, it was possible for the function get_vim_one
unused parameter
to crash.

Fixed in Vim 8.0.0

This update fixes these issues.

Description of the vulnerability

A remote attacker could exploit this flaw to execute arbitrary code with elevated privileges. The vulnerability is triggered when opening a remote malicious repository. An attacker could exploit this vulnerability by creating a malicious repository that they could control and then tricking someone into opening it in a vulnerable configuration. For example, an attacker could create a malicious repository named "evil-repository" and specify the command "git clone evil-repository". When the user opens the repository, a shell will be spawned to execute commands on the current system.

Timeline

Published on: 03/30/2022 19:15:00 UTC
Last modified on: 08/26/2022 20:20:00 UTC

References