vulnerability

Debian: CVE-2018-11319: vim-syntastic -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

May 20, 2018

Added

Aug 4, 2018

Modified

Mar 30, 2026

Description

Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed.

Solution

debian-upgrade-vim-syntastic

References

CVE-2018-11319
https://attackerkb.com/topics/CVE-2018-11319
CWE-22
DEBIAN-DSA-4261
EUVD-EUVD-2018-3357
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-3357

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report