Unrated severityNVD Advisory· Published Sep 23, 2022· Updated May 22, 2025

NULL Pointer Dereference in vim/vim

CVE-2022-3278

Description

A NULL pointer dereference in Vim before 9.0.0552 can be exploited via a crafted file to cause a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in Vim before 9.0.0552 can be exploited via a crafted file to cause a denial of service.

Vulnerability

A NULL pointer dereference vulnerability exists in Vim (and gVim) prior to version 9.0.0552. The flaw occurs when the editor processes certain input, leading to a dereference of a null pointer. The exact code path is not detailed in the available references, but the issue is present in all versions before the fix.

Exploitation

An attacker can exploit this vulnerability by convincing a user to open a specially crafted file with Vim. No special privileges or network access are required beyond the ability to deliver the malicious file to the victim. The user interaction of opening the file triggers the null pointer dereference.

Impact

Successful exploitation results in a denial of service (DoS) due to a crash of the Vim process. The Gentoo security advisory [4] lists this CVE among multiple vulnerabilities that could lead to denial of service. No code execution or data compromise is indicated.

Mitigation

The fix was included in Vim version 9.0.0552 and later. Users should upgrade to at least that version. The Gentoo advisory [4] recommends upgrading to >=9.0.1157 for a comprehensive fix. No workaround is available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.

References

Multiple Vulnerabilities (GLSA 202305-16) — Gentoo security

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Vim/Vimllm-fuzzy2 versions
<9.0.0552+ 1 more
- (no CPE)range: <9.0.0552
- (no CPE)range: unspecified
osv-coords38 versions
pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.2 pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.3 pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP3 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.1 pkg:rpm/suse/vim&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.1 pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 9.0.0814-150000.5.28.1+ 37 more
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-150000.5.28.1
- (no CPE)range: < 9.0.0814-17.9.1
- (no CPE)range: < 9.0.0814-17.9.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/mitrevendor-advisory
security.gentoo.org/glsa/202305-16mitrevendor-advisory
github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4emitre
huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000