Heap-based Buffer Overflow in vim/vim
Description
A heap-based buffer overflow in vim's do_put function, fixed in 9.0.1376, could allow memory corruption via crafted Visual block operations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap-based buffer overflow in vim's do_put function, fixed in 9.0.1376, could allow memory corruption via crafted Visual block operations.
Vulnerability
A heap-based buffer overflow exists in the do_put function of vim versions prior to 9.0.1376. The flaw occurs when performing a put operation in Visual block mode under specific conditions. As shown in the fix commit [4], the vulnerability is addressed by correcting a condition check (spaces vs shortline) and adding bounds verification for the cursor position after the put operation to prevent accessing invalid memory.
Exploitation
An attacker would need to craft a file or input that triggers the problematic code path during a do_put call in Visual block mode. Successful exploitation requires the victim to open the malicious file in vim and execute a put command in Visual block select mode, which leads to the heap-based overflow.
Impact
If successfully exploited, this vulnerability can cause heap memory corruption, potentially leading to a crash or arbitrary code execution. The precise impact depends on the heap layout and attacker control, but the issue is classified as a heap-based buffer overflow with high severity.
Mitigation
The vulnerability is fixed in vim version 9.0.1376, released on or around March 3, 2023. Users should update to this version or later. No known workarounds are available for earlier versions. The fix is included in subsequent releases and distributions should update their packages accordingly [4].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
33- osv-coords31 versionspkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 9.0.1386-150000.5.37.1+ 30 more
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-150000.5.37.1
- (no CPE)range: < 9.0.1386-17.15.4
- (no CPE)range: < 9.0.1386-17.15.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIAKPMKJ4OZ6NYRZJO7YWMNQL2BICLYV/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4KDAU76Z7QNSPKZX2JAJ6O7KIEOXWTL/mitrevendor-advisory
- github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9cmitre
- huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4mitre
News mentions
0No linked articles in our index yet.