Buffer Over-read in function find_next_quote in vim/vim
Description
A buffer over-read in vim's find_next_quote function allows denial of service and potential code execution via a crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer over-read in vim's find_next_quote function allows denial of service and potential code execution via a crafted file.
Vulnerability
Buffer over-read in the find_next_quote function in vim prior to version 8.2.4925. The function fails to check for end-of-line after incrementing the column index when encountering an escape character, leading to reading past the end of the line. This occurs when a trailing backslash is present. Affected versions: all vim versions before 8.2.4925.
Exploitation
An attacker can exploit this by providing a specially crafted text file containing a line with a trailing backslash. When vim processes this file (e.g., during syntax highlighting or other operations that call find_next_quote), the buffer over-read occurs. No authentication or special privileges are required; the victim only needs to open the malicious file in vim.
Impact
The buffer over-read can cause a crash (denial of service). In some cases, it may lead to memory corruption and potentially arbitrary code execution, as stated in the CVE description. The impact is limited to the vim process.
Mitigation
Fixed in vim version 8.2.4925 [2]. Users should upgrade to at least this version. Gentoo recommends upgrading to >=9.0.0060 [4]. Apple included a fix in macOS Ventura 13 [1] (though the advisory mentions a different impact, it likely addresses this CVE). No workaround is available.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
8- osv-coords6 versionspkg:rpm/almalinux/vim-commonpkg:rpm/almalinux/vim-enhancedpkg:rpm/almalinux/vim-filesystempkg:rpm/almalinux/vim-minimalpkg:rpm/almalinux/vim-X11pkg:rpm/opensuse/vim&distro=openSUSE%20Tumbleweed
< 2:8.2.2637-16.el9_0.2+ 5 more
- (no CPE)range: < 2:8.2.2637-16.el9_0.2
- (no CPE)range: < 2:8.2.2637-16.el9_0.2
- (no CPE)range: < 2:8.2.2637-16.el9_0.2
- (no CPE)range: < 2:8.2.2637-16.el9_0.2
- (no CPE)range: < 2:8.2.2637-16.el9_0.2
- (no CPE)range: < 9.0.0453-2.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Synthesis attempt was rejected by the grounding validator. Re-run pending.
References
8- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/mitrevendor-advisory
- security.gentoo.org/glsa/202208-32mitrevendor-advisory
- security.gentoo.org/glsa/202305-16mitrevendor-advisory
- seclists.org/fulldisclosure/2022/Oct/28mitremailing-list
- seclists.org/fulldisclosure/2022/Oct/41mitremailing-list
- github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470ddmitre
- huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52eemitre
- support.apple.com/kb/HT213488mitre
News mentions
0No linked articles in our index yet.