Heap-based Buffer Overflow in vim/vim
Description
Heap-based buffer overflow in Vim's trunc_string() function allows arbitrary code execution via crafted input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap-based buffer overflow exists in the trunc_string() function of Vim versions prior to 9.0.1969. The function incorrectly uses the index e instead of buflen when null-terminating a truncated string, leading to an out-of-bounds write on the heap [4]. This vulnerability is reachable when Vim processes text that triggers string truncation, such as long lines or specially crafted file content.
Exploitation
An attacker can exploit this vulnerability by providing a malicious file or input that causes Vim to call trunc_string() with a buffer length that results in an overflow. No authentication is required; the victim only needs to open the crafted file with an affected version of Vim. The overflow occurs during the null-termination step, writing a single NUL byte beyond the allocated buffer [4].
Impact
Successful exploitation of this heap-based buffer overflow can lead to arbitrary code execution in the context of the Vim process. An attacker could potentially gain control of the system or execute arbitrary commands with the privileges of the user running Vim.
Mitigation
The vulnerability is fixed in Vim version 9.0.1969, released on 2023-10-02 [4]. Users should update to this version or later. No workaround is available; updating is the only mitigation.
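To confirm that an upstream Vim build includes the fix, its `vim --version` output can be checked for patch 1969 on the 9.0 release line. The following is an added example, not code from the Vim project or from this advisory; the sample banners are constructed, and the comma-separated "Included patches" range layout is assumed from Vim's usual version output.

```python
import re
import sys

FIXED = (9, 0, 1969)  # first fixed version per the advisory text above

# Constructed samples shaped like the first lines of `vim --version`.
SAMPLES = {
    "unpatched": "VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Sep 01 2023 10:00:00)\n"
                 "Included patches: 1-1894\n",
    "patched": "VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Oct 05 2023 10:00:00)\n"
               "Included patches: 1-1969\n",
    "gap": "VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Jan 10 2024 10:00:00)\n"
           "Included patches: 1-1968, 1970-2103\n",
    "older": "VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Jan 10 2022 10:00:00)\n"
             "Included patches: 1-4919\n",
    "newer": "VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Feb 01 2024 10:00:00)\n"
             "Included patches: 1-50\n",
}


def parse_vim_version(text):
    """Return ((major, minor), [(lo, hi), ...]) parsed from `vim --version` text."""
    banner = re.search(r"Vi IMproved (\d+)\.(\d+)", text)
    if not banner:
        raise ValueError("no Vim version banner found")
    release = (int(banner.group(1)), int(banner.group(2)))
    ranges = []
    patches = re.search(r"^Included patches:\s*(.+)$", text, re.M)
    if patches:
        for part in patches.group(1).split(","):
            lo, _, hi = part.strip().partition("-")
            if lo:
                ranges.append((int(lo), int(hi or lo)))  # "5" means 5-5
    return release, ranges


def has_trunc_string_fix(text):
    """True if the build is on a later release line or includes patch 9.0.1969."""
    release, ranges = parse_vim_version(text)
    if release != FIXED[:2]:
        return release > FIXED[:2]
    # A build can skip individual patches, so test membership, not the maximum.
    return any(lo <= FIXED[2] <= hi for lo, hi in ranges)


if __name__ == "__main__":
    # Usage: vim --version | python3 this_script.py
    fixed = has_trunc_string_fix(sys.stdin.read())
    print("fix included" if fixed else "AFFECTED: patch 9.0.1969 missing")
    sys.exit(0 if fixed else 1)
```

Distribution packages may backport the fix without raising the upstream patch level, so for packaged builds compare against the vendor's fixed package version instead.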
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
osv-coords, 26 versions:
- pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 9.0.2103-150500.20.6.1
- pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.3 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.4 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207.1 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 9.0.2103-150500.20.6.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (no CPE), range: < 9.0.2103-150500.20.6.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 (no CPE), range: < 9.0.2103-150500.20.6.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 9.0.2103-17.26.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 9.0.2103-17.26.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE), range: < 9.0.2103-150000.5.57.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 (no CPE), range: < 9.0.2103-150000.5.57.1
References
- seclists.org/fulldisclosure/2023/Dec/10 (mitre)
- seclists.org/fulldisclosure/2023/Dec/11 (mitre)
- seclists.org/fulldisclosure/2023/Dec/9 (mitre)
- github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04 (mitre)
- huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4W665GQBN6S6ZDMYWVF4X7KMFI7AQKJL/ (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW/ (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOXBUJLJ5VSPN3YXWN7XZA4JDYKNE7GZ/ (mitre)
- support.apple.com/kb/HT214036 (mitre)
- support.apple.com/kb/HT214037 (mitre)
- support.apple.com/kb/HT214038 (mitre)