CVE-2005-2368
vim - modeline exploits
EPSS 1.5%
Description
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.
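The condition described above can be triaged on untrusted files before they are opened. The following is an added example, not code from the original page or from the Vim project: it flags modelines that set `foldexpr` (short name `fde`) to an expression calling `glob()` or `expand()`. The function names, the regular expressions (a simplified approximation of Vim's modeline syntax) and the sample text are assumptions made for illustration; the 5-line window matches Vim's default `modelines` value.

```python
import re

# Simplified modeline introducer: "vi:", "vim:", "Vim:" or "ex:" at line start
# or after whitespace. Assumption: real Vim parsing has more forms than this.
MODELINE = re.compile(r"(?:^|\s)(?:vi|[Vv]im|ex):\s*(.*)$")
# 'foldexpr' and its short name 'fde', capturing the assigned expression.
FOLDEXPR = re.compile(r"\b(?:foldexpr|fde)\s*=\s*(.*)")
# The two functions named in the CVE description.
RISKY_CALL = re.compile(r"\b(glob|expand)\s*\(")


def modeline_window(line_count, n=5):
    """Indices of the lines Vim inspects for modelines: the first and last n."""
    head = range(min(n, line_count))
    tail = range(max(line_count - n, 0), line_count)
    return sorted(set(head) | set(tail))


def scan_text(text, n=5):
    """Return [(line_number, [function names])] for suspicious modelines."""
    lines = text.splitlines()
    findings = []
    for idx in modeline_window(len(lines), n):
        modeline = MODELINE.search(lines[idx])
        if not modeline:
            continue
        foldexpr = FOLDEXPR.search(modeline.group(1))
        if not foldexpr:
            continue
        calls = sorted(set(RISKY_CALL.findall(foldexpr.group(1))))
        if calls:
            findings.append((idx + 1, calls))
    return findings


# Constructed sample: a 22-line file whose last line is a modeline that sets
# foldexpr to an expand() call (no shell metacharacters, detection only).
SAMPLE = "\n".join(
    ["# constructed notes file"]
    + ["line %d" % i for i in range(20)]
    + ['# vim: set foldmethod=expr foldexpr=expand("%:t"):']
)

if __name__ == "__main__":
    for line_number, calls in scan_text(SAMPLE):
        print("line %d: foldexpr modeline calls %s" % (line_number, ", ".join(calls)))
```

A hit does not prove a file is malicious; it marks a file that should not be opened in an unpatched vim 6.3 with modelines enabled.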
How to fix CVE-2005-2368
To remediate CVE-2005-2368, upgrade the affected package to one of the fixed versions listed below.
- Debian/vim—upgrade to 1:6.3-085+1 or later
- Debian/vim—upgrade to 1:6.3-085+0.0etch1 or later
Is CVE-2005-2368 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:6.3-085+1
- from 0, < 1:6.3-085+0.0etch1