Vim Tar Plugin Code Execution Vulnerability

Vulnerability

A shell command injection vulnerability leading to code execution has been identified in Vim versions prior to 9.1.1164, in the bundled tar.vim plugin (runtime/autoload/tar.vim), which lets Vim browse and edit tar archives. The plugin extracts members by running the external tar command through the shell, and it appends file names read from the archive to that command line without escaping them. A crafted archive whose member names contain shell metacharacters can therefore cause attacker-chosen shell commands to run when the archive is handled by the plugin. Whether and how an injected name is interpreted depends on the shell Vim invokes (the 'shell' option) and on that shell's parsing rules.

Impact

Exploitation results in arbitrary command execution with the privileges of the user running Vim. The trigger is simply handling a malicious tar archive with the tar.vim plugin, so any channel through which a user receives and opens archives in Vim (downloads, mail attachments, repository contents) is a delivery path.

Reproduction

To reproduce, create a tar archive whose member name contains shell metacharacters carrying the command to run (for example a command substitution), then open the archive in Vim with the tar.vim plugin enabled, as it is by default. When the plugin reads member names from the archive and passes them to the external tar command, the unescaped name is parsed by the shell and the embedded command runs. Test this only in a throwaway environment with a harmless payload, since the command executes with the privileges of the Vim user.
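The following is an added example, not code from the original page or from the Vim project. It builds a constructed sample archive whose member name carries a benign command substitution, shows how such a name breaks a shell command line that is assembled by plain concatenation versus one whose arguments are quoted, and provides a scanner that flags archive members with shell metacharacters before an archive is opened in an unpatched Vim. The command string "tar -xOf ARCHIVE MEMBER" is illustrative of the bug class and is not tar.vim's exact command; nothing here is executed by a shell.

```python
import io
import shlex
import tarfile

# Characters that POSIX-style shells treat specially (word splitting,
# substitution, redirection, globbing, quoting).  Assumption for this
# scanner: any of these inside a member name deserves a look.
SHELL_META = set("$`;&|<>(){}[]*?!~\\\"' \t\n")


def build_demo_tar() -> bytes:
    """Constructed sample archive (not from the original page): one ordinary
    member and one whose name carries a benign command substitution.  The
    archive is only inspected here; nothing in it is executed."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, body in (
            ("README.txt", b"hello\n"),
            ("notes$(echo injected).txt", b"the body is harmless\n"),
        ):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def has_shell_meta(name: str) -> bool:
    """True if the name contains any character a shell would interpret."""
    return any(c in SHELL_META for c in name)


def risky_members(tar_bytes: bytes) -> list:
    """Member names that would be unsafe to splice into a shell command."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        return [m.name for m in tf.getmembers() if has_shell_meta(m.name)]


def unsafe_command(archive: str, member: str) -> str:
    """The bug class: the member name is concatenated into the command line
    as-is.  (Illustrative, not tar.vim's exact command string.)"""
    return f"tar -xOf {archive} {member}"


def safe_command(archive: str, member: str) -> str:
    """Hardened form: each argument is quoted for the shell, so metacharacters
    in a name reach tar as literal bytes instead of being interpreted."""
    return "tar -xOf " + shlex.quote(archive) + " " + shlex.quote(member)


def argv_seen_by_tar(cmd: str) -> list:
    """Word-split the command the way a POSIX shell would.  shlex only does
    quoting and splitting, not $(...) expansion: a real shell would also run
    the substitution in the unsafe line before tar ever starts."""
    return shlex.split(cmd)


if __name__ == "__main__":
    data = build_demo_tar()
    for name in risky_members(data):
        print("suspicious member name:", repr(name))
        bad = unsafe_command("evil.tar", name)
        good = safe_command("evil.tar", name)
        print("  unsafe:", bad, "->", argv_seen_by_tar(bad))
        print("  safe  :", good, "->", argv_seen_by_tar(good))
```

In the unsafe line the member name splits into two arguments and, in a real shell, the $(...) part is substituted before tar runs; in the quoted line the whole name arrives at tar as a single literal argument. The scanner can be pointed at any archive from an untrusted source before it is opened in an unpatched Vim.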

Remediation

Update to Vim 9.1.1164 or later, which contains the fix. Where updating is not immediately possible, do not open untrusted tar archives in Vim, or disable the plugin by adding the line "let g:loaded_tarPlugin = 1" to your vimrc. Distributions may backport the fix without changing the reported patch level, so consult your vendor's advisory rather than relying on the version number alone.
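An added example (not from the original page or the Vim project) of checking whether an installed Vim has reached the fixed upstream patch level. It parses the header line and the "Included patches:" line of vim --version output, handling both a single range like "1-1200" and a comma-separated list, and compares against 9.1.1164. The sample outputs are constructed, not captured from real systems; the check reports upstream patch level only and cannot see vendor backports.

```python
import re

# First upstream Vim release carrying the tar.vim fix, per the advisory.
FIXED_VERSION = (9, 1, 1164)


def parse_vim_version(output: str):
    """Parse `vim --version` output into (major, minor, set of included
    patch numbers).  Only the header line and the 'Included patches:' line
    are used; '1-1200' and '1-1100, 1164, 1170-1200' are both handled."""
    head = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", output)
    if head is None:
        raise ValueError("not recognisable as vim --version output")
    major, minor = int(head.group(1)), int(head.group(2))
    patches = set()
    line = re.search(r"Included patches:\s*([0-9, -]+)", output)
    if line is not None:
        for chunk in line.group(1).split(","):
            chunk = chunk.strip()
            if not chunk:
                continue
            lo, _, hi = chunk.partition("-")
            patches.update(range(int(lo), int(hi or lo) + 1))
    return major, minor, patches


def tar_plugin_fixed(output: str) -> bool:
    """True if this Vim is at or past 9.1.1164 upstream.  Caveat: a
    distribution may backport the fix without bumping the patch level, and
    the runtime tar.vim can be replaced independently of the binary."""
    major, minor, patches = parse_vim_version(output)
    if (major, minor) != FIXED_VERSION[:2]:
        return (major, minor) > FIXED_VERSION[:2]
    return FIXED_VERSION[2] in patches


# Constructed sample outputs (not captured from real systems).
OLD_VIM = (
    "VIM - Vi IMproved 9.1 (2024 Jan 25, compiled Feb 01 2025 10:00:00)\n"
    "Included patches: 1-1000\n"
)
NEW_VIM = (
    "VIM - Vi IMproved 9.1 (2024 Jan 25, compiled Mar 15 2025 10:00:00)\n"
    "Included patches: 1-1100, 1164, 1170-1200\n"
)

if __name__ == "__main__":
    for label, out in (("old build", OLD_VIM), ("new build", NEW_VIM)):
        print(label, "fixed" if tar_plugin_fixed(out) else "VULNERABLE")
```

On a real host, feed the function the output of `vim --version`; a result of False means the binary predates the fix upstream and the workaround above (or the vendor's backport status) needs to be verified.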

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          7.8
  impact          7.5
  exploitability  5.4
  remediation     7.7
  relevance       0.0
  threat          4.8
  urgency         2.9
  incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.