Updated: 2025-11-10 02:07:23.502014
Description:
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | vim | 8.2.2637 | 7.8 | HIGH | Released | CLSA-2025:1737993483 | 2025-01-28 02:29:30 | |
| CentOS 6 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2024:1709563938 | 2024-03-15 14:09:33 | |
| CentOS 7 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2024:1720776957 | 2024-07-25 17:27:22 | |
| CloudLinux 6 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2024:1709564196 | 2024-03-15 14:09:34 | |
| Debian 10 ELS | vim | 8.1.0875 | 7.8 | HIGH | Released | CLSA-2025:1762419767 | 2025-11-06 13:54:36 | |
| Oracle Linux 6 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2024:1709564274 | 2024-03-04 10:09:03 | |
| Oracle Linux 7 ELS | vim | 7.4.629 | 7.8 | HIGH | Released | CLSA-2025:1760022881 | 2025-10-09 15:25:49 | |
| TuxCare 9.6 ESU | vim | 8.2.2637 | 7.8 | HIGH | Released | CLSA-2026:1767617422 | 2026-01-05 19:43:28 | |
| Ubuntu 16.04 ELS | vim | 7.4.1689-3 | 7.8 | HIGH | Released | CLSA-2024:1710436524 | 2024-03-14 14:09:25 |