¡¾·ì϶¹«¸æ¡¿Vim modeline ɳÏäÈƹýºÅÁîÖ´Ðзì϶(CVE-2026-34982)

°ä²¼¹¦·ò 2026-04-02

Ò»¡¢¡¢·ì϶¸ÅÊö


·ì϶Ãû³Æ

Vim modeline ɳÏäÈƹýºÅÁîÖ´Ðзì϶

CVE   ID

CVE-2026-34982

·ì϶ÀàÐÍ

ºÅÁîÖ´ÐÐ

·¢ÏÖ¹¦·ò

2026-4-2

·ì϶ÆÀ·Ö

8.8

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

±¾µØ

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

±ØÒª

PoC/EXP

Òѹ«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


VimÊÇÒ»¿î¿í·ºÊ¹ÓõĿªÔ´Îı¾±à×ëÆ÷£¬£¬£¬Ö§³Ö¶àƽ̨ÔËÐУ¬£¬£¬¾ß±¸¸ßЧ±à×ë¡¢¡¢¾ç±¾À©´ó¼°·á˶²å¼þÉú̬µÈ¸öÐÔ¡£¡£¡£Æämodeline¡¢¡¢autocmdµÈ»úÖÆ¿ÉʵÏÖ×Ô¶¯»¯ÅäÖÃÓëÐÐΪ½ÚÖÆ£¬£¬£¬¿í·ºÀûÓÃÓÚ¿ª·¢¡¢¡¢ÔËά¼°ÏµÍ³ÖÎÀí³¡¾°£¬£¬£¬ÊÇÀàUnixϵͳÖеÄÖ÷Ì⹤¾ßÖ®Ò»¡£¡£¡£


2026Äê4ÔÂ2ÈÕ£¬£¬£¬OG¶«·½Ìü°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄ£¨VSRC£©¼à²âµ½Vim modeline ɳÏäÈƹýºÅÁîÖ´Ðзì϶¡£¡£¡£¸Ã·ì϶´æÔÚÓÚmodeline½âÎö»úÖƼ°ÓйØÑ¡ÏîʵÏÖÖУ¬£¬£¬ÓÉÓÚcomplete¡¢¡¢guitabtooltipºÍprintheaderµÈÑ¡ÏîδÕýÈ·ÉèÖÃP_MLE»òP_SECURE°²È«±êÖ¾£¬£¬£¬µ¼ÖÂmodeline°²È«²é³­±»Èƹý¡£¡£¡£Í¬Ê±£¬£¬£¬mapset()º¯Êý¶Ìȱcheck_secure()УÑ飬£¬£¬Ê¹¹¥»÷Õß¿ÉÔÚÊÜÏÞ»·¾³ÖÐÖ´ÐжñÒâ±í°×ʽ¡£¡£¡£¹¥»÷Õß¿Éͨ¹ý»ú¹ØÌØÖÆÎļþÓÕµ¼Óû§´ò¿ª£¬£¬£¬´Ó¶øÔÚ±¾µØÖ´ÐÐËÁÒâ²Ù×÷ϵͳºÅÁ£¬£¬»ñÈ¡Óû§È¨ÏÞ²¢½øÒ»²½½ÚÖÆϵͳ¡£¡£¡£¸Ã·ì϶¿ÉÄÜÎ¥·´ÆóÒµÖն˰²È«¼°Êý¾Ý±£»£»£»¤ÓйغϹæÒªÇ󣬣¬£¬¶Ô¿ª·¢»·¾³¼°ÔËάÖ÷»ú°²È«×é³ÉÑÏÖØÍþв¡£¡£¡£


¶þ¡¢¡¢Ó°ÏìÁìÓò


Vim < 9.2.0276


Èý¡¢¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


¹Ù·½ÒÑ°ä²¼ÐÞ¸´²¹¶¡£¬£¬£¬ÒÔÐÞ¸´¸Ã·ì϶¡£¡£¡£
Vim >= 9.2.0276


ÏÂÔØÁ´½Ó£ºhttps://github.com/vim/vim/tags/


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£¡£¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬Ï÷¼õϵͳ·ì϶£¬£¬£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£¡£¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÖÆ£¬£¬£¬Åú¸Ä·À»ðǽսÊõ£¬£¬£¬¹Ø±Õ·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬£¬£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬£¬£¬Ï÷¼õ¹¥»÷Ãæ¡£¡£¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£¡£¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬ÆôÓöà³É·ÖÈÏÖ¤»úÖƺÍ×îСȨÏÞ×¼Ôò£¬£¬£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9/