Heap-based Buffer Overflow in vim/vim
Description
A heap-based buffer overflow in vim_regsub_both() in Vim prior to 9.0.1848 allows attackers to cause a crash or execute arbitrary code via a crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap-based buffer overflow in vim_regsub_both() in Vim prior to 9.0.1848 allows attackers to cause a crash or execute arbitrary code via a crafted file.
Vulnerability
A heap-based buffer overflow vulnerability exists in the vim_regsub_both() function of Vim prior to version 9.0.1848 [1][2]. The flaw occurs when Vim processes a specially crafted file, leading to an out-of-bounds write in heap memory. The affected code path is reachable during file parsing without requiring special configuration beyond opening a malicious file [1].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a crafted file with Vim. No authentication or special privileges are required; the attack is triggered simply by parsing the malicious input. The exploit does not require user interaction beyond the act of opening the file [1].
Impact
Successful exploitation can lead to an unexpected application termination (denial of service) or arbitrary code execution in the context of the Vim process [1]. The attacker gains the ability to execute arbitrary code with the privileges of the user running Vim, potentially leading to full compromise of the user's session or data.
Mitigation
The vulnerability is fixed in Vim version 9.0.1848, released on an unspecified date [2]. The fix involves correcting the buffer handling in vim_regsub_both(). Apple also addressed this CVE in macOS Sonoma 14.1 by removing the vulnerable code [1]. Users are advised to update to Vim 9.0.1848 or later [2]. No workarounds are documented for earlier versions.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
29- osv-coords27 versionspkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/vim&distro=openSUSE%20Tumbleweedpkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.2
< 9.0.1894-150000.5.54.1+ 26 more
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.2103-150500.20.6.1
- (no CPE)range: < 9.0.1894-1.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.2103-150500.20.6.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.2103-150500.20.6.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.2103-150500.20.6.1
- (no CPE)range: < 9.0.1894-17.23.2
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-17.23.2
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
- (no CPE)range: < 9.0.1894-150000.5.54.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.