Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-28418

Опубликовано: 27 фев. 2026
Источник: redhat
CVSS3: 5.3

Описание

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.

A flaw was found in Vim. When processing a specially crafted Emacs-style tags file, a heap-based buffer overflow out-of-bounds read vulnerability allows an attacker to trick Vim into reading up to 7 bytes beyond its allocated memory boundary. This could lead to information disclosure or potentially affect the integrity of the application.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10vimFix deferred
Red Hat Enterprise Linux 6vimFix deferred
Red Hat Enterprise Linux 7vimFix deferred
Red Hat Enterprise Linux 8vimFix deferred
Red Hat Enterprise Linux 9vimFix deferred
Red Hat OpenShift Container Platform 4rhcosFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2443481vim: Vim: Information disclosure via heap-based buffer overflow in Emacs-style tags file parsing

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-28418

CVSS3: 4.4
ubuntu
27 дней назад

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.

nvd логотип

CVE-2026-28418

CVSS3: 4.4
nvd
27 дней назад

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.

msrc логотип

CVE-2026-28418

CVSS3: 4.4
msrc
26 дней назад

Vim has Heap-based Buffer Overflow in Emacs tags parsing

debian логотип

CVE-2026-28418

CVSS3: 4.4
debian
27 дней назад

Vim is an open source, command line text editor. Prior to version 9.2. ...

fstec логотип

BDU:2026-02590

CVSS3: 5.5
fstec
28 дней назад

Уязвимость текстового редактора vim, связанная с чтением за границами буфера в памяти, позволяющая нарушителю оказать воздействие на доступность защищаемой информации

5.3 Medium

CVSS3