Heap-based Buffer Overflow in vim/vim
Description
A heap-based buffer overflow in Vim's status line rendering function, triggered by an overly long buffer name, could lead to denial of service or arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap-based buffer overflow in Vim's status line rendering function, triggered by an overly long buffer name, could lead to denial of service or arbitrary code execution.
Vulnerability
The vulnerability is a heap-based buffer overflow in Vim's status line rendering function, specifically in the win_redr_status function. The root cause is the use of STRCPY without bounds checking when appending buffer status indicators such as "[Help]", "[Preview]", "[+]", or "[RO]". If a buffer name is very long, the status line buffer can be overflown. The issue was introduced prior to Vim 8.2.3487 [3].
Exploitation
An attacker would need to supply a specially crafted long buffer name to Vim, for example by opening a file with an extremely long path or buffer name. The overflow occurs during status line redraw, which can be triggered repeatedly by the user opening such a file, scrolling, or other operations that trigger status line updates. No special network access or authentication is required—local exploitation is sufficient.
Impact
A heap-based buffer overflow can lead to memory corruption, causing Vim to crash (denial of service) and potentially allowing arbitrary code execution in the context of the Vim process. The PR mentions "illegal memory access if buffer name is very long" [3], and the Gentoo advisory [4] describes the worst impact as denial of service.
Mitigation
A fix for Vim 8.2.3487 was committed to the Vim repository on GitHub [3]. Users should upgrade to Vim 8.2.3487 or later. The Gentoo security advisory [4] recommends upgrading to Vim 9.0.0060 or higher. No workaround is available for unpatched versions.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
44- osv-coords42 versionspkg:rpm/almalinux/vim-commonpkg:rpm/almalinux/vim-enhancedpkg:rpm/almalinux/vim-filesystempkg:rpm/almalinux/vim-minimalpkg:rpm/almalinux/vim-X11pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/vim&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 2:8.0.1763-16.el8_5.13+ 41 more
- (no CPE)range: < 2:8.0.1763-16.el8_5.13
- (no CPE)range: < 2:8.0.1763-16.el8_5.13
- (no CPE)range: < 2:8.0.1763-16.el8_5.13
- (no CPE)range: < 2:8.0.1763-16.el8_5.13
- (no CPE)range: < 2:8.0.1763-16.el8_5.13
- (no CPE)range: < 8.2.5038-150000.5.21.1
- (no CPE)range: < 8.2.5038-150000.5.21.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.2.5038-150000.5.21.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.2.5038-150000.5.21.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 8.0.1568-5.17.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202208-32mitrevendor-advisoryx_refsource_GENTOO
- github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14bmitrex_refsource_MISC
- huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2022/03/msg00018.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.