2349561 – (CVE-2025-27423) CVE-2025-27423 vim: Improper Input Validation in Vim

Bug 2349561 (CVE-2025-27423) - CVE-2025-27423 vim: Improper Input Validation in Vim

Summary: CVE-2025-27423 vim: Improper Input Validation in Vim

Keywords:
Status:	NEW
Alias:	CVE-2025-27423
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2349738 2349739
Blocks:
TreeView+	depends on / blocked

Reported:	2025-03-03 17:01 UTC by OSIDB Bzimport
Modified:	2025-03-07 10:44 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-03-03 17:01:45 UTC

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164

Note You need to log in before you can comment on or make changes to this bug.