CLSA-2026-1774525825
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1774525825.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1774525825
- Upstream
- Published
- 2026-03-27T12:31:14Z
- Modified
- 2026-06-01T00:33:09.956228595Z
- Summary
- vim: Fix of 2 CVEs
- Details
-
- CVE-2026-28417: fix OS command injection in netrw plugin via crafted scp:// URIs by adding strict RFC1123 hostname validation and using shellescape() for hostname and port values.
- CVE-2026-28421: fix heap-buffer-overflow and SEGV in swap file recovery by adding bounds checks on pepagecount, pebnum, peoldlnum and peline_count before descending into the block tree.
- References
Affected packages
TuxCare:CentOS:7 / vim-X11
Package
- Name
- vim-X11
- Purl
- pkg:rpm/tuxcare/vim-X11?distro=centos-7
TuxCare:CentOS:7 / vim-common
Package
- Name
- vim-common
- Purl
- pkg:rpm/tuxcare/vim-common?distro=centos-7
TuxCare:CentOS:7 / vim-enhanced
Package
- Name
- vim-enhanced
- Purl
- pkg:rpm/tuxcare/vim-enhanced?distro=centos-7
TuxCare:CentOS:7 / vim-filesystem
Package
- Name
- vim-filesystem
- Purl
- pkg:rpm/tuxcare/vim-filesystem?distro=centos-7