{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28422", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-27T15:54:05.136Z", "datePublished": "2026-02-27T22:08:11.384Z", "dateUpdated": "2026-03-02T21:45:53.806Z"}, "containers": {"cna": {"title": "Vim has stack-buffer-overflow in build_stl_str_hl()", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf"}, {"name": "https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f", "tags": ["x_refsource_MISC"], "url": "https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f"}, {"name": "https://github.com/vim/vim/releases/tag/v9.2.0078", "tags": ["x_refsource_MISC"], "url": "https://github.com/vim/vim/releases/tag/v9.2.0078"}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"version": "< 9.2.0078", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-27T22:08:11.384Z"}, "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue."}], "source": {"advisory": "GHSA-gmqx-prf2-8mwf", "discovery": "UNKNOWN"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/02/27/11"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-28T00:15:38.152Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T21:45:36.363670Z", "id": "CVE-2026-28422", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T21:45:53.806Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/02/27/11"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-28T00:15:38.152Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28422", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T21:45:36.363670Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T21:45:43.067Z"}}], "cna": {"title": "Vim has stack-buffer-overflow in build_stl_str_hl()", "source": {"advisory": "GHSA-gmqx-prf2-8mwf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.2, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "vim", "product": "vim", "versions": [{"status": "affected", "version": "< 9.2.0078"}]}], "references": [{"url": "https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf", "name": "https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f", "name": "https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/vim/vim/releases/tag/v9.2.0078", "name": "https://github.com/vim/vim/releases/tag/v9.2.0078", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-27T22:08:11.384Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28422", "state": "PUBLISHED", "dateUpdated": "2026-03-02T21:45:53.806Z", "dateReserved": "2026-02-27T15:54:05.136Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-27T22:08:11.384Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC02C67-00AB-4E9E-81A7-545DF0CF5D4D", "versionEndExcluding": "9.2.0078", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue."}, {"lang": "es", "value": "Vim es un editor de texto de c\u00f3digo abierto, de l\u00ednea de comandos. Antes de la versi\u00f3n 9.2.0078, ocurre un desbordamiento de b\u00fafer de pila en 'build_stl_str_hl()' al renderizar una l\u00ednea de estado con un car\u00e1cter de relleno multibyte en una terminal muy ancha. La versi\u00f3n 9.2.0078 corrige el problema."}], "id": "CVE-2026-28422", "lastModified": "2026-03-04T20:44:22.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-27T22:16:25.667", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vim/vim/commit/4e5b9e31cb7484ad156f"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/vim/vim/releases/tag/v9.2.0078"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/02/27/11"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "vim: Vim: Integrity impact due to stack-buffer-overflow via wide terminal statusline rendering", "id": "2443475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443475"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-135", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-28422", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-02-27T22:08:11Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-28422\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-28422\nhttps://github.com/vim/vim/commit/4e5b9e31cb7484ad156f\nhttps://github.com/vim/vim/releases/tag/v9.2.0078\nhttps://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.2.0078)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "vim", "source": "cna", "vendor": "vim"}, "product": "vim", "vendor": "vim"}], "analysis": {"en": {"generated_at": "2026-04-16T15:08:18.006733+00:00", "value": {"mitigation_remediation": ["Upgrade Vim to version 9.2.0078 or newer, which contains the fix.", "If an upgrade is not immediately possible, avoid using multi\u2011byte statusline fill characters or reduce terminal width until the patch is applied.", "Stay informed of further advisories and apply future patches to Vim as they become available."], "summary": {"action": "Immediate Patch", "impact": "Stack Buffer Overflow in statusline rendering"}, "threat_synthesis": {"affected_systems": "Vim 9.2 and earlier versions before 9.2.0078 are affected. The issue is documented for the Vim editor, a widely used open\u2011source command\u2011line text editor, across all platforms where it is distributed.", "description_and_impact": "The vulnerability is a stack-buffer-overflow triggered inside the build_stl_str_hl() routine of Vim when a statusline containing a multi-byte fill character is rendered on a terminal that is very wide. The overflow can corrupt the call stack and potentially allow an attacker to execute arbitrary code, compromising the confidentiality and integrity of the system. The weakness is a classic stack-based buffer overflow.", "risk_and_exploitability": "The CVSS score is 2.2, indicating low severity, and the EPSS score is below 1%, suggesting a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is local and requires an attacker to trigger the rendering of a specially crafted statusline in a terminal session where the terminal width is large enough to exploit the overflow. No remote exploitation vector is described, so the risk to users who do not alter statusline settings or use wide terminals remains low."}}}}, "created": "2026-03-02T12:04:35.252853+00:00", "updated": "2026-04-16T15:15:39.045256+00:00", "vendors": ["vim", "vim$PRODUCT$vim"], "weaknesses": ["CWE-121", "CWE-135"]}