VYPR
Unrated severity · NVD Advisory · Published Mar 7, 2023 · Updated Mar 6, 2025

NULL Pointer Dereference in vim/vim

CVE-2023-1264

Description

A null pointer dereference in Vim's command-line handling allows attackers to crash the editor via a crafted nested :open command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A null pointer dereference vulnerability exists in the vgetorpeek function of Vim's input processing. The issue occurs when handling a nested :open command while in command-line mode, where get_cmdline_info()->cmdbuff can be NULL. The vulnerability affects Vim versions prior to 9.0.1392. [1]

Exploitation

An attacker can exploit this vulnerability by crafting a file or command sequence that triggers a nested :open command during command-line editing. No authentication is required, provided the attacker can trick a user into executing the malicious commands. The specific sequence involves entering command-line mode and executing :open within a context where the command buffer is not initialized. [1]

Impact

Successful exploitation causes a null pointer dereference leading to a segmentation fault, resulting in a denial of service. There is no evidence of code execution or information disclosure. The crash terminates the Vim process. [1]

Mitigation

The vulnerability is fixed in Vim version 9.0.1392, released on 2023-03-07. Users should update to this version or later. For systems where updating is not immediately possible, avoid processing untrusted commands or opening files that may contain malicious :open sequences. [1]
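
A check for the fixed patch level named above, as an added example that is not part of the advisory or of Vim's own tooling: it parses `vim --version` output and tests whether patch 9.0.1392 is included. The function names and the sample outputs are constructed for illustration.

```python
import re
import subprocess

FIXED_RELEASE = (9, 0)  # release line named in the advisory
FIXED_PATCH = 1392      # first patch level with the fix, per the advisory

def parse_vim_version(text):
    """Return ((major, minor), [(lo, hi), ...]) from `vim --version` text."""
    ver = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", text)
    if ver is None:
        raise ValueError("input does not look like `vim --version` output")
    release = (int(ver.group(1)), int(ver.group(2)))
    ranges = []
    inc = re.search(r"^Included patches:[ \t]*(.*)$", text, re.MULTILINE)
    if inc:
        # Entries are single patches or ranges, e.g. "1-1378, 1499".
        for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", inc.group(1)):
            ranges.append((int(lo), int(hi or lo)))
    return release, ranges

def has_fix(text):
    """True if the build lists patch 9.0.1392 or is a later release line."""
    release, ranges = parse_vim_version(text)
    if release != FIXED_RELEASE:
        return release > FIXED_RELEASE
    # A sparse list such as "1-1378, 1499" does not list 1392. Vendor
    # builds may backport fixes separately, so treat False as "verify
    # against the vendor advisory", not as proof of exposure.
    return any(lo <= FIXED_PATCH <= hi for lo, hi in ranges)

def check_local(binary="vim"):
    """Run the local binary and report whether it lists the fix."""
    out = subprocess.run([binary, "--version"], capture_output=True,
                         text=True, check=True).stdout
    return has_fix(out)

# Constructed sample outputs (not captured from real systems).
HEAD_90 = "VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Mar 08 2023)\n"
SAMPLES = {
    "patched": HEAD_90 + "Included patches: 1-1392\n",
    "older": HEAD_90 + "Included patches: 1-1391\n",
    "sparse": HEAD_90 + "Included patches: 1-1378, 1499\n",
    "newer_release": "VIM - Vi IMproved 9.1 (2024 Jan 02)\nIncluded patches: 1-16\n",
    "old_release": "VIM - Vi IMproved 8.2 (2019 Dec 12)\nIncluded patches: 1-4919\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, has_fix(text))
```
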

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

19

References

5