getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assertfails or nviminput in Neovim.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "vim", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-athena", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-athena-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-athena-py2", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-athena-py2-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-common", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-common-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-doc", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gnome", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gnome-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gnome-py2", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gnome-py2-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gtk", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gtk-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gtk-py2", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gtk-py2-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gtk3", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gtk3-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gtk3-py2", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gtk3-py2-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-gui-common", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-nox", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-nox-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-nox-py2", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-nox-py2-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-runtime", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-tiny", "binary_version": "2:7.4.1689-3ubuntu1.3" }, { "binary_name": "vim-tiny-dbgsym", "binary_version": "2:7.4.1689-3ubuntu1.3" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "vim", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-athena", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-athena-dbgsym", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-common", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-dbgsym", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-doc", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-gnome", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-gtk", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-gtk-dbgsym", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-gtk3", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-gtk3-dbgsym", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-gui-common", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-nox", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-nox-dbgsym", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-runtime", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-tiny", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "vim-tiny-dbgsym", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "xxd", "binary_version": "2:8.0.1453-1ubuntu1.1" }, { "binary_name": "xxd-dbgsym", "binary_version": "2:8.0.1453-1ubuntu1.1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "neovim", "binary_version": "0.2.2-3ubuntu0.1~esm1" }, { "binary_name": "neovim-dbgsym", "binary_version": "0.2.2-3ubuntu0.1~esm1" }, { "binary_name": "neovim-runtime", "binary_version": "0.2.2-3ubuntu0.1~esm1" } ] }