OESA-2026-1565
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1565
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-1565.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-1565
- Upstream
- Published
- 2026-03-15T05:53:36Z
- Modified
- 2026-03-15T06:18:51.276151Z
- Summary
- vim security update
- Details
-
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.
Security Fix(es):
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the scp:// protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.(CVE-2026-28417)
Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.(CVE-2026-28418)
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.(CVE-2026-28419)
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.(CVE-2026-28420)
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.(CVE-2026-28421)
Vim is an open-source, command-line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in the
build_stl_str_hl()function when rendering a statusline with a multi-byte fill character on a very wide terminal. This vulnerability may lead to application crash or potential security risks.(CVE-2026-28422) - Database specific
{ "severity": "High" }- References
-
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1565
- https://nvd.nist.gov/vuln/detail/CVE-2026-28417
- https://nvd.nist.gov/vuln/detail/CVE-2026-28418
- https://nvd.nist.gov/vuln/detail/CVE-2026-28419
- https://nvd.nist.gov/vuln/detail/CVE-2026-28420
- https://nvd.nist.gov/vuln/detail/CVE-2026-28421
- https://nvd.nist.gov/vuln/detail/CVE-2026-28422
Affected packages
openEuler:20.03-LTS-SP4
vim
Package
- Name
- vim
- Purl
- pkg:rpm/openEuler/vim&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0-40.oe2003sp4
Ecosystem specific
{
"src": [
"vim-9.0-40.oe2003sp4.src.rpm"
],
"x86_64": [
"vim-X11-9.0-40.oe2003sp4.x86_64.rpm",
"vim-common-9.0-40.oe2003sp4.x86_64.rpm",
"vim-debuginfo-9.0-40.oe2003sp4.x86_64.rpm",
"vim-debugsource-9.0-40.oe2003sp4.x86_64.rpm",
"vim-enhanced-9.0-40.oe2003sp4.x86_64.rpm",
"vim-minimal-9.0-40.oe2003sp4.x86_64.rpm"
],
"aarch64": [
"vim-X11-9.0-40.oe2003sp4.aarch64.rpm",
"vim-common-9.0-40.oe2003sp4.aarch64.rpm",
"vim-debuginfo-9.0-40.oe2003sp4.aarch64.rpm",
"vim-debugsource-9.0-40.oe2003sp4.aarch64.rpm",
"vim-enhanced-9.0-40.oe2003sp4.aarch64.rpm",
"vim-minimal-9.0-40.oe2003sp4.aarch64.rpm"
],
"noarch": [
"vim-filesystem-9.0-40.oe2003sp4.noarch.rpm"
]
}openEuler:22.03-LTS-SP4
vim
Package
- Name
- vim
- Purl
- pkg:rpm/openEuler/vim&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0-40.oe2203sp4
Ecosystem specific
{
"src": [
"vim-9.0-40.oe2203sp4.src.rpm"
],
"x86_64": [
"vim-X11-9.0-40.oe2203sp4.x86_64.rpm",
"vim-common-9.0-40.oe2203sp4.x86_64.rpm",
"vim-debuginfo-9.0-40.oe2203sp4.x86_64.rpm",
"vim-debugsource-9.0-40.oe2203sp4.x86_64.rpm",
"vim-enhanced-9.0-40.oe2203sp4.x86_64.rpm",
"vim-minimal-9.0-40.oe2203sp4.x86_64.rpm"
],
"aarch64": [
"vim-X11-9.0-40.oe2203sp4.aarch64.rpm",
"vim-common-9.0-40.oe2203sp4.aarch64.rpm",
"vim-debuginfo-9.0-40.oe2203sp4.aarch64.rpm",
"vim-debugsource-9.0-40.oe2203sp4.aarch64.rpm",
"vim-enhanced-9.0-40.oe2203sp4.aarch64.rpm",
"vim-minimal-9.0-40.oe2203sp4.aarch64.rpm"
],
"noarch": [
"vim-filesystem-9.0-40.oe2203sp4.noarch.rpm"
]
}openEuler:24.03-LTS
vim
Package
- Name
- vim
- Purl
- pkg:rpm/openEuler/vim&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.2092-26.oe2403sp1
Ecosystem specific
{
"src": [
"vim-9.0.2092-26.oe2403sp2.src.rpm",
"vim-9.0.2092-26.oe2403sp3.src.rpm",
"vim-9.0.2092-26.oe2403.src.rpm",
"vim-9.0.2092-26.oe2403sp1.src.rpm"
],
"x86_64": [
"vim-X11-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-common-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-X11-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-common-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-X11-9.0.2092-26.oe2403.x86_64.rpm",
"vim-common-9.0.2092-26.oe2403.x86_64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403.x86_64.rpm",
"vim-debugsource-9.0.2092-26.oe2403.x86_64.rpm",
"vim-enhanced-9.0.2092-26.oe2403.x86_64.rpm",
"vim-minimal-9.0.2092-26.oe2403.x86_64.rpm",
"vim-X11-9.0.2092-26.oe2403sp1.x86_64.rpm",
"vim-common-9.0.2092-26.oe2403sp1.x86_64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp1.x86_64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp1.x86_64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp1.x86_64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp1.x86_64.rpm"
],
"aarch64": [
"vim-X11-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-common-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-X11-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-common-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-X11-9.0.2092-26.oe2403.aarch64.rpm",
"vim-common-9.0.2092-26.oe2403.aarch64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403.aarch64.rpm",
"vim-debugsource-9.0.2092-26.oe2403.aarch64.rpm",
"vim-enhanced-9.0.2092-26.oe2403.aarch64.rpm",
"vim-minimal-9.0.2092-26.oe2403.aarch64.rpm",
"vim-X11-9.0.2092-26.oe2403sp1.aarch64.rpm",
"vim-common-9.0.2092-26.oe2403sp1.aarch64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp1.aarch64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp1.aarch64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp1.aarch64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp1.aarch64.rpm"
],
"noarch": [
"vim-filesystem-9.0.2092-26.oe2403sp2.noarch.rpm",
"vim-filesystem-9.0.2092-26.oe2403sp3.noarch.rpm",
"vim-filesystem-9.0.2092-26.oe2403.noarch.rpm",
"vim-filesystem-9.0.2092-26.oe2403sp1.noarch.rpm"
]
}openEuler:24.03-LTS-SP1
vim
Package
- Name
- vim
- Purl
- pkg:rpm/openEuler/vim&distro=openEuler-24.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.2092-26.oe2403sp1
Ecosystem specific
{
"src": [
"vim-9.0.2092-26.oe2403sp1.src.rpm"
],
"x86_64": [
"vim-X11-9.0.2092-26.oe2403sp1.x86_64.rpm",
"vim-common-9.0.2092-26.oe2403sp1.x86_64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp1.x86_64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp1.x86_64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp1.x86_64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp1.x86_64.rpm"
],
"aarch64": [
"vim-X11-9.0.2092-26.oe2403sp1.aarch64.rpm",
"vim-common-9.0.2092-26.oe2403sp1.aarch64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp1.aarch64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp1.aarch64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp1.aarch64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp1.aarch64.rpm"
],
"noarch": [
"vim-filesystem-9.0.2092-26.oe2403sp1.noarch.rpm"
]
}openEuler:24.03-LTS-SP2
vim
Package
- Name
- vim
- Purl
- pkg:rpm/openEuler/vim&distro=openEuler-24.03-LTS-SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.2092-26.oe2403sp2
Ecosystem specific
{
"src": [
"vim-9.0.2092-26.oe2403sp2.src.rpm"
],
"x86_64": [
"vim-X11-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-common-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp2.x86_64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp2.x86_64.rpm"
],
"aarch64": [
"vim-X11-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-common-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp2.aarch64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp2.aarch64.rpm"
],
"noarch": [
"vim-filesystem-9.0.2092-26.oe2403sp2.noarch.rpm"
]
}openEuler:24.03-LTS-SP3
vim
Package
- Name
- vim
- Purl
- pkg:rpm/openEuler/vim&distro=openEuler-24.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.2092-26.oe2403sp3
Ecosystem specific
{
"src": [
"vim-9.0.2092-26.oe2403sp3.src.rpm"
],
"x86_64": [
"vim-X11-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-common-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp3.x86_64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp3.x86_64.rpm"
],
"aarch64": [
"vim-X11-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-common-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-debuginfo-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-debugsource-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-enhanced-9.0.2092-26.oe2403sp3.aarch64.rpm",
"vim-minimal-9.0.2092-26.oe2403sp3.aarch64.rpm"
],
"noarch": [
"vim-filesystem-9.0.2092-26.oe2403sp3.noarch.rpm"
]
}