VYPR
Unrated severity · NVD Advisory · Published Apr 29, 2023 · Updated Oct 15, 2024

Use of Out-of-range Pointer Offset in vim/vim

CVE-2023-2426

Description

Use of out-of-range pointer offset in vim's fuzzy matching allows memory corruption, fixed in version 9.0.1499.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A use of out-of-range pointer offset exists in the fuzzy matching functionality of vim prior to version 9.0.1499. The flaw resides in the fuzzy_match_recursive and vgr_match_buflines functions, where improper bounds checking can lead to accessing memory outside the intended buffer, especially when a long search pattern is provided [3].

Exploitation

To exploit this vulnerability, an attacker would need to trick a user into opening a file or editing text that triggers a fuzzy match with an excessively long pattern. The attacker does not require authentication but relies on user interaction. Once triggered, the out-of-bounds access can cause undefined behavior.

Impact

Successful exploitation can lead to memory corruption, potentially resulting in denial of service or arbitrary code execution with the privileges of the user running vim. The exact impact depends on the system configuration and memory layout.

Mitigation

The issue is fixed in vim version 9.0.1499, which includes patches to properly bound the pattern length and clear structures before use [3]. Users should update to this version or later. No workaround is available if upgrading is not possible.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 33

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"The fuzzy matching logic in Vim can use uninitialized memory when the pattern length exceeds a defined maximum."

Attack vector

An attacker can trigger this vulnerability by providing a specially crafted pattern to the fuzzy matching functionality within Vim. This could occur when Vim is used in an environment where user-supplied patterns are processed, such as through scripting or specific commands. The vulnerability is triggered when the pattern length exceeds `MAX_FUZZY_MATCHES` [ref_id=1].

Affected code

The vulnerability exists in the `vgr_match_buflines` function within the `vim/vim` repository. Specifically, the issue arises in the fuzzy string matching part of this function, which calls `fuzzy_match` [ref_id=1]. The related `fuzzy_match_recursive` function also had changes to initialize its `recursiveMatches` array.

What the fix does

The patch introduces a check to limit the `pat_len` variable to `MAX_FUZZY_MATCHES` before it is used in the fuzzy matching logic [ref_id=1]. This prevents the fuzzy matching function from accessing uninitialized memory by ensuring that the pattern length does not exceed the allocated buffer size for matches. Additionally, `CLEAR_FIELD` is used to initialize the `matches` array, further mitigating the risk of using uninitialized data.
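An added illustration of the two measures just described (bounding `pat_len` to `MAX_FUZZY_MATCHES` before it drives an array index, and clearing the match array before use). This is example code written for this page, not Vim's source: the simplified matcher, the `fuzzy_result` struct, the accessor functions and the capacity value 8 are hypothetical stand-ins, and clamping the length (rather than rejecting the pattern) is a choice made here, since the advisory only says the length is limited.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical capacity of the match-position array; Vim's real value differs. */
#define MAX_FUZZY_MATCHES 8

/* Simplified in-order subsequence matcher: records in `matches` the index in
 * `str` of each matched pattern character. It writes up to `pat_len` entries,
 * so the CALLER must guarantee pat_len <= capacity of `matches`. Returns the
 * number of pattern characters matched (== pat_len on a full match). */
static size_t fuzzy_match_positions(const char *str, const char *pat,
                                    size_t pat_len, int *matches)
{
    size_t si, pi = 0;
    for (si = 0; pi < pat_len && str[si] != '\0'; si++) {
        if (str[si] == pat[pi]) {
            /* The write index grows with pat_len: with an unbounded pattern
             * this offset runs past the end of a fixed-size array. */
            matches[pi] = (int)si;
            pi++;
        }
    }
    return pi;
}

/* Result of the hardened caller (hypothetical type). */
struct fuzzy_result {
    size_t used_len;                 /* pattern length actually used after bounding */
    size_t matched;                  /* pattern characters matched */
    int    matches[MAX_FUZZY_MATCHES];
};

/* Hardened caller mirroring the fix: bound pat_len to MAX_FUZZY_MATCHES before
 * it is used, and zero the result (analogue of CLEAR_FIELD) so that a partial
 * match cannot leave stale stack data in unused slots for a later reader. */
static struct fuzzy_result safe_fuzzy_match(const char *str, const char *pat)
{
    struct fuzzy_result r;
    size_t pat_len = strlen(pat);

    /* Measure 1: limit the pattern length to the array capacity. */
    if (pat_len > MAX_FUZZY_MATCHES)
        pat_len = MAX_FUZZY_MATCHES;

    /* Measure 2: clear the structure before any entry is written or read. */
    memset(&r, 0, sizeof r);

    r.used_len = pat_len;
    r.matched = fuzzy_match_positions(str, pat, pat_len, r.matches);
    return r;
}

/* Scalar accessors so results can be checked as plain values. */
static size_t safe_fuzzy_used_len(const char *s, const char *p)
{
    return safe_fuzzy_match(s, p).used_len;
}

static size_t safe_fuzzy_matched(const char *s, const char *p)
{
    return safe_fuzzy_match(s, p).matched;
}

/* Position recorded for pattern character i, or -1 when i is out of range. */
static int safe_fuzzy_pos(const char *s, const char *p, size_t i)
{
    struct fuzzy_result r = safe_fuzzy_match(s, p);
    return i < MAX_FUZZY_MATCHES ? r.matches[i] : -1;
}

int main(void)
{
    /* Constructed inputs: a short pattern and one longer than the capacity. */
    const char *text = "fuzzy_match_recursive";
    struct fuzzy_result a = safe_fuzzy_match(text, "fmr");
    struct fuzzy_result b = safe_fuzzy_match("abcdefghijkl", "abcdefghijkl");

    printf("pattern \"fmr\": used_len=%zu matched=%zu positions=%d,%d,%d\n",
           a.used_len, a.matched, a.matches[0], a.matches[1], a.matches[2]);
    printf("12-char pattern: used_len=%zu (clamped to %d) matched=%zu\n",
           b.used_len, MAX_FUZZY_MATCHES, b.matched);
    return 0;
}
```

The long-pattern case is the one the advisory describes: without the clamp, `fuzzy_match_positions` would be asked to write entry 8 and beyond into an eight-slot array. With the clamp the write index can never exceed `MAX_FUZZY_MATCHES - 1`, and the `memset` guarantees that slots the matcher never reaches hold zeros rather than whatever was on the stack.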

Generated on Jun 6, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6
