vulnerability

Debian: CVE-2018-11319: vim-syntastic -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:S/C:C/I:C/A:C)	May 20, 2018	Aug 4, 2018	Aug 15, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

May 20, 2018

Added

Aug 4, 2018

Modified

Aug 15, 2025

Description

Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a directory that is a parent of the base directory of the project being checked. NOTE: exploitation is more difficult after 3.8.0 because filename prediction may be needed.

Solution

debian-upgrade-vim-syntastic

References

CVE-2018-11319
https://attackerkb.com/topics/CVE-2018-11319
CWE-22
DEBIAN-DSA-4261

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today