What is CVE-2019-12735?

CVE-2019-12735 is a vulnerability in N/a. Published 2019-06-05.

Is CVE-2019-12735 known to be exploited?

19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-12735

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

EPSS: 0.541 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
github.com/neovim/neovim/pull/10082
bugs.debian.org/930020
bugs.debian.org/930024
FEDORA-2019-d79f89346c (vendor-advisory)
USN-4016-1 (vendor-advisory)
USN-4016-2 (vendor-advisory)
108724 (vdb-entry)
FEDORA-2019-dcd49378b8 (vendor-advisory)

Frequently asked questions

What is CVE-2019-12735?: CVE-2019-12735 is a vulnerability in N/a. Published 2019-06-05.
Is CVE-2019-12735 known to be exploited?: 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.