CVE-2026-28418

{"id": "CVE-2026-28418", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2026-02-27T22:16:25.003", "references": [{"url": "https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vim/vim/releases/tag/v9.2.0074", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "http://www.openwall.com/lists/oss-security/2026/02/27/7", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue."}, {"lang": "es", "value": "Vim es un editor de texto de c\u00f3digo abierto y de l\u00ednea de comandos. Antes de la versi\u00f3n 9.2.0074, hay un desbordamiento de b\u00fafer basado en mont\u00edculo con lectura fuera de l\u00edmites en la l\u00f3gica de an\u00e1lisis de archivos de etiquetas estilo Emacs de Vim. Al procesar un archivo de etiquetas malformado, Vim puede ser enga\u00f1ado para leer hasta 7 bytes m\u00e1s all\u00e1 del l\u00edmite de memoria asignada. La versi\u00f3n 9.2.0074 corrige el problema."}], "lastModified": "2026-03-03T17:49:55.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "969B50CB-4E2C-4F12-839D-39D4116BDBBC", "versionEndExcluding": "9.2.0074"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}