CVSS2: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.004 Low
Percentile: 74.2%

Jan Minar reports:

Applying the "D" to a file with a crafted file name,
or inside a directory with a crafted directory name, can
lead to arbitrary code execution.

Lack of sanitization throughout Netrw can lead to arbitrary
code execution upon opening a directory with a crafted
name.

The Vim Netrw Plugin shares the FTP user name and password
across all FTP sessions. Every time Vim makes a new FTP
connection, it sends the user name and password of the
previous FTP session to the FTP server.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | vim | = 7.0 | UNKNOWN |
FreeBSD | any | noarch | vim | < 7.2 | UNKNOWN |
FreeBSD | any | noarch | vim-console | = 7.0 | UNKNOWN |
FreeBSD | any | noarch | vim-console | < 7.2 | UNKNOWN |
FreeBSD | any | noarch | vim-lite | = 7.0 | UNKNOWN |
FreeBSD | any | noarch | vim-lite | < 7.2 | UNKNOWN |
FreeBSD | any | noarch | vim-gtk2 | = 7.0 | UNKNOWN |
FreeBSD | any | noarch | vim-gtk2 | < 7.2 | UNKNOWN |
FreeBSD | any | noarch | vim-gnome | = 7.0 | UNKNOWN |
FreeBSD | any | noarch | vim-gnome | < 7.2 | UNKNOWN |