
exploitDog


CVE-2026-28422

Published: 27 Feb 2026
Source: redhat
CVSS3: 2.2
EPSS: Low

Description

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl() when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.

A flaw was found in Vim, an open-source command-line text editor. A local user could exploit a stack-buffer-overflow vulnerability in the build_stl_str_hl() function by rendering a statusline with a multi-byte fill character on a very wide terminal. This could lead to an integrity impact, where data might be modified.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | vim | Fix deferred | | |
| Red Hat Enterprise Linux 6 | vim | Fix deferred | | |
| Red Hat Enterprise Linux 7 | vim | Fix deferred | | |
| Red Hat Enterprise Linux 8 | vim | Fix deferred | | |
| Red Hat Enterprise Linux 9 | vim | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | | |


Additional information

Status: Low
Defect: CWE-135
https://bugzilla.redhat.com/show_bug.cgi?id=2443475 vim: Vim: Integrity impact due to stack-buffer-overflow via wide terminal statusline rendering

EPSS

Percentile: 0%
0.00005
Low

CVSS3: 2.2 Low

Related vulnerabilities

CVSS3: 2.2
ubuntu
27 days ago

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.

CVSS3: 2.2
nvd
27 days ago

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.

CVSS3: 2.2
msrc
26 days ago

Vim has stack-buffer-overflow in build_stl_str_hl()

CVSS3: 2.2
debian
27 days ago

Vim is an open source, command line text editor. Prior to version 9.2. ...

CVSS3: 2.2
fstec
28 days ago

A vulnerability in the vim text editor involving an operation that goes beyond the bounds of a memory buffer, allowing an attacker to affect the integrity of protected information
