Divide By Zero in vim/vim
Description
Divide by zero in Vim prior to 9.0.1367 can cause denial of service by crashing when handling zero-width windows.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Divide by zero in Vim prior to 9.0.1367 can cause denial of service by crashing when handling zero-width windows.
Vulnerability
A divide-by-zero vulnerability exists in Vim versions prior to 9.0.1367, specifically in the window handling code when a zero-width window is processed. This can be triggered by manipulating the window layout to create a window with zero width [1].
Exploitation
An attacker with the ability to open a file and resize windows in Vim (e.g., via a crafted file or terminal input) can trigger the divide-by-zero by causing a zero-width window state. No authentication is required beyond local access to Vim [1].
Impact
Successful exploitation results in a crash of Vim, leading to denial of service. No code execution is indicated in the available reference [1].
Mitigation
The issue is fixed in Vim version 9.0.1367, released on [date not specified in references]. Users should update to at least this version. No workaround is documented in the available references [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
38- osv-coords36 versionspkg:apk/chainguard/vimpkg:apk/chainguard/vim-docpkg:apk/wolfi/vimpkg:apk/wolfi/vim-docpkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/vim&distro=openSUSE%20Tumbleweedpkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 9.0.1378-r0+ 35 more
- (no CPE)range: < 9.0.1378-r0
- (no CPE)range: < 9.0.1378-r0
- (no CPE)range: < 9.0.1378-r0
- (no CPE)range: < 9.0.1378-r0
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1367-1.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1443-150000.5.40.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-17.15.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDVN5HSWPNVP4QXBPCEGZDLZKURLJWTE/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ6TMKKBXHGVUHWFGM4X46VIJO7ZAG2W/mitrevendor-advisory
- github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3cmitre
- huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1bebmitre
News mentions
0No linked articles in our index yet.