VYPR
Unrated severity · NVD Advisory · Published Nov 16, 2023 · Updated Feb 13, 2025

overflow in shift_line in vim

CVE-2023-48237

Description

Vim shift_line() integer overflow in operator-pending mode leads to potential crash; fixed in 9.0.2112.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An integer overflow vulnerability exists in Vim's shift_line() function when shifting lines in operator-pending mode. If a user provides a very large value, the computation count += (long long)sw_val * (long long)amount can overflow the signed integer count, causing undefined behavior. This affects Vim versions prior to 9.0.2112. The issue was introduced in an unknown earlier version and is addressed in commit 6bf131888 [2].
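
How an indent update of this shape can be computed without signed overflow, as an added example (not Vim's code and not the fix in commit 6bf131888). The helper names are hypothetical, and the code assumes a 32-bit int and a 64-bit long long.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper, not Vim's shift_line(): returns the indent after
 * shifting by `amount` steps of `sw_val` columns, saturating instead of
 * overflowing. `left` non-zero means shift left (reduce the indent). */
int shifted_indent(int indent, int sw_val, int amount, int left)
{
    /* Widen before multiplying. Assumption: int is 32 bits and long long
     * is 64 bits, so the product plus one more int always fits. */
    long long delta = (long long)sw_val * (long long)amount;
    long long count = left ? (long long)indent - delta
                           : (long long)indent + delta;

    /* Clamp before narrowing back to int, so the conversion is exact. */
    if (count < 0)
        count = 0;
    if (count > INT_MAX)
        count = INT_MAX;
    return (int)count;
}

/* Reports whether the same right-shift update, done purely in int
 * arithmetic, would leave the int range (signed overflow is undefined
 * behaviour in C). The check itself is done in long long. */
int int_update_would_overflow(int indent, int sw_val, int amount)
{
    long long wide = (long long)indent
                   + (long long)sw_val * (long long)amount;
    return wide > INT_MAX || wide < INT_MIN;
}

int main(void)
{
    /* Constructed inputs: shiftwidth 8 with a very large count. */
    int sw = 8, big = INT_MAX / 4;

    printf("int arithmetic would overflow: %d\n",
           int_update_would_overflow(4, sw, big));
    printf("saturated indent: %d\n", shifted_indent(4, sw, big, 0));
    printf("ordinary shift:   %d\n", shifted_indent(4, sw, 2, 0));
    return 0;
}
```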

Exploitation

Exploitation requires user interaction: a user must open a file in Vim and trigger a shift operation (e.g., >, <) in operator-pending mode with a very large count value. An attacker cannot trigger this remotely without tricking the user into executing a crafted command or opening a malicious file that induces the overflow. The race window is negligible, and no special privileges are needed beyond normal file editing [1].

Impact

Successful exploitation may cause a crash (denial of service). The impact is low, as a crash may not occur in all situations, and the attacker does not gain code execution, privilege escalation, or information disclosure. The vulnerability does not lead to reading or writing files or executing arbitrary commands [1].

Mitigation

Upgrade to Vim version 9.0.2112 or later, which contains the fix from commit 6bf131888 [1][2]. No workarounds are available; users must apply the patch or update their package. Fedora packages have been updated accordingly [3][4].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

27

References

7
