NULL Pointer Dereference in vim/vim
Description
NULL pointer dereference in vim's get_register() prior to 9.0.1531 could cause a crash when register contents become invalid.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A NULL pointer dereference exists in the get_register() function of vim prior to version 9.0.1531. The flaw occurs when the register's y_current->y_array pointer becomes NULL while y_size is non-zero, leading to a crash. The issue was introduced in an earlier patch and is triggered under specific conditions where register contents are manipulated into an invalid state [3].
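The invalid state described above, reduced to a standalone C model. This is an added illustration, not code from vim's source: the struct keeps only the two fields named in the description, and the helper and function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model of a register: only the two fields the description names. */
typedef struct {
    char **y_array;   /* lines stored in the register */
    int    y_size;    /* number of entries y_array is claimed to hold */
} yankreg_T;

/* Hypothetical helper: heap copy of one line. */
static char *dup_line(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* "Before" pattern: trusts y_size alone. With y_array == NULL and
 * y_size > 0, the first src->y_array[i] read dereferences NULL. */
yankreg_T *copy_register_unchecked(const yankreg_T *src) {
    yankreg_T *dst = calloc(1, sizeof(*dst));
    if (dst == NULL || src->y_size == 0)
        return dst;
    dst->y_array = calloc((size_t)src->y_size, sizeof(char *));
    if (dst->y_array == NULL)
        return dst;
    for (int i = 0; i < src->y_size; i++)
        dst->y_array[i] = dup_line(src->y_array[i]);
    dst->y_size = src->y_size;
    return dst;
}

/* Hardened pattern: treat the pointer and the count as one invariant and
 * hand back an empty register when they disagree. */
yankreg_T *copy_register_checked(const yankreg_T *src) {
    yankreg_T *dst = calloc(1, sizeof(*dst));
    if (dst == NULL || src->y_size <= 0 || src->y_array == NULL)
        return dst;   /* empty copy: y_array NULL, y_size 0 */
    dst->y_array = calloc((size_t)src->y_size, sizeof(char *));
    if (dst->y_array == NULL)
        return dst;
    for (int i = 0; i < src->y_size; i++)
        dst->y_array[i] = dup_line(src->y_array[i]);
    dst->y_size = src->y_size;
    return dst;
}
```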
Exploitation
An attacker would need to craft input that causes vim to process a register with a NULL y_array pointer. The provided test case in the fix demonstrates a sequence of commands that triggers the crash, including setting the encoding and using specific normal mode operations. No authentication or special privileges are required beyond the ability to supply a file or commands to vim [3].
Impact
Successful exploitation results in a denial of service (crash) of the vim process. The vulnerability does not appear to allow arbitrary code execution or information disclosure based on the available references [3].
Mitigation
The vulnerability is fixed in vim version 9.0.1531, released with commit d1ae8366aff286d41e7f5bc513cc0a1af5130aad [3]. Users should upgrade to this version or later. No workaround is documented in the available references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/ (mitre, vendor-advisory)
- github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad (mitre)
- huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 (mitre)
- support.apple.com/kb/HT213844 (mitre)
- support.apple.com/kb/HT213845 (mitre)