Headline
CVE-2023-4736: patch 9.0.1833: [security] runtime file fixes · vim/vim@816fbcc
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Commit
Permalink
Browse files
Browse the repository at this point in the history
patch 9.0.1833: [security] runtime file fixes
Problem: runtime files may execute code in current dir Solution: only execute, if not run from current directory
The perl, zig and ruby filetype plugins and the zip and gzip autoload plugins may try to load malicious executable files from the current working directory. This is especially a problem on windows, where the current directory is implicitly in your $PATH and windows may even run a file with the extension `.bat` because of $PATHEXT.
So make sure that we are not trying to execute a file from the current directory. If this would be the case, error out (for the zip and gzip) plugins or silently do not run those commands (for the ftplugins).
This assumes, that only the current working directory is bad. For all other directories, it is assumed that those directories were intentionally set to the $PATH by the user.
Signed-off-by: Christian Brabandt [email protected]
- Loading branch information
Related news
Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.