Floating Point Comparison with Incorrect Operator in vim/vim
Description
Vim prior to 9.0.0804 contains a floating point comparison flaw allowing denial of service via crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vim prior to 9.0.0804 contains a floating point comparison flaw allowing denial of service via crafted file.
Vulnerability
A floating point comparison with an incorrect operator exists in Vim versions prior to 9.0.0804. The bug occurs during evaluation of certain expressions, leading to undefined behavior. The affected code path can be triggered when processing a crafted file or by executing specific commands in Vim. The issue is addressed in commit cdef1cefa2a440911c727558562f83ed9b00e16b [2].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted file or to execute a malicious Vim script. No authentication is required; the user must interact with the crafted input. The bug may cause an invalid floating point comparison resulting in a crash or incorrect program behavior [1].
Impact
Successful exploitation can lead to denial of service via application crash. In some cases, it may also cause incorrect evaluation of expressions, potentially leading to unintended data manipulation or information disclosure, though the primary impact is denial of service [1].
Mitigation
The fix was included in Vim version 9.0.0804, released on December 5, 2022. Users should upgrade to at least this version. Gentoo security advisory GLSA 202305-16 recommends upgrading to >=9.0.1157 [1]. No workaround is available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
38- osv-coords36 versionspkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/vim&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/vim&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.2pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 9.0.1040-150000.5.31.1+ 35 more
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1234-17.12.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.