overflow in get_number in vim
Description
Vim prior to 9.0.2111 allows integer overflow via the z= command when using large count values, leading to a potential crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The z= command in Vim can overflow its count argument when the user provides a value larger than MAX_INT. This affects versions prior to 9.0.2111. The bug is triggered when the user interacts with the editor and executes the command with a crafted count. The overflow may cause undefined behavior or a crash. The vulnerability is fixed in commit 73b2d379, included in version 9.0.2111 [1].
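The count overflow described above, as an added C sketch. It is not Vim's source or the patch in commit 73b2d379; the function names are hypothetical and a 32-bit int is assumed. It shows the unchecked digit accumulation beside a bounds-checked form that rejects counts above INT_MAX.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper names for illustration; not taken from Vim. */

/* Unchecked pattern: n = n * 10 + digit. With a signed int this is
 * undefined behaviour once the value passes INT_MAX. uint32_t is used
 * here only to model the wrap-around deterministically. */
static uint32_t parse_count_unchecked(const char *s)
{
    uint32_t n = 0;
    for (; *s >= '0' && *s <= '9'; s++)
        n = n * 10u + (uint32_t)(*s - '0');
    return n;
}

/* Checked pattern: test the bound before multiplying and adding.
 * Returns 0 and stores the count on success, or -1 when the digits
 * would exceed INT_MAX so the caller can reject the count. */
static int parse_count_checked(const char *s, int *out)
{
    int n = 0;
    for (; *s >= '0' && *s <= '9'; s++) {
        int d = *s - '0';
        if (n > (INT_MAX - d) / 10)
            return -1;              /* next step would overflow */
        n = n * 10 + d;
    }
    *out = n;
    return 0;
}

int main(void)
{
    /* Constructed sample counts, as a user might type before a command. */
    const char *samples[] = { "42", "2147483647", "2147483648", "4294967297" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = 0;
        int rc = parse_count_checked(samples[i], &v);
        printf("%-12s unchecked=%u checked=%s\n", samples[i],
               (unsigned)parse_count_unchecked(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```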
Exploitation
An attacker must convince a user to run the z= command with an excessively large count value. User interaction is required, and the overflow occurs during command processing. The exact sequence involves the user typing z= followed by a number larger than MAX_INT. The vulnerability does not require elevated privileges.
Impact
Successful exploitation can lead to a denial of service via a crash. The impact is rated low because user interaction is required and the crash may not occur in all situations. No remote code execution or data compromise is described.
Mitigation
Upgrade to Vim version 9.0.2111 or later, which contains the fix (commit 73b2d379). No workarounds are available [1]. Users should update their Vim installation via their package manager or by compiling the latest source code.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
osv-coords, 25 versions:
- pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 9.1.0111-150500.20.9.1
- pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.3 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.4 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207.1 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 9.1.0111-150500.20.9.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (no CPE), range: < 9.1.0111-150500.20.9.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 (no CPE), range: < 9.1.0111-150500.20.9.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 9.1.0111-17.29.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 9.1.0111-17.29.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.3 (no CPE), range: < 9.1.0111-150000.5.60.1
- pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.3 (no CPE), range: < 9.1.0111-150000.5.60.1
References
- github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 (mitre, x_refsource_MISC)
- github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 (mitre, x_refsource_CONFIRM)
- www.openwall.com/lists/oss-security/2023/11/16/1 (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UJAK2W5S7G75ETDAEM3BDUCVSXCEGRD/ (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3VQF7CL3V6FGSEW37WNDFBRRILR65AK/ (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNRNYLWXZOGTYWE5HMFNQ5FVE3HBUHF6/ (mitre)
- security.netapp.com/advisory/ntap-20231227-0002/ (mitre)