CLSA-2026-1777444367
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777444367.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2026-1777444367
- Upstream
- Published
- 2026-04-29T06:59:23Z
- Modified
- 2026-05-27T11:18:24.800855706Z
- Summary
- vim: Fix of 9 CVEs
- Details
-
- CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling.
- CVE-2021-4069: copy the current line before regexec in ex_open() so the match is not using freed memory when searching for a mark flushes it.
- CVE-2022-0351: limit eval7() recursion to 1000 levels to prevent a stack overflow from many nested "(" in an expression.
- CVE-2022-2129: disallow switching buffers in a substitute expression by extending the do_exedit() lock check to cover textlock as well.
- CVE-2022-2183: avoid reading past the NUL terminator in getlispindent().
- CVE-2022-2287: reject words containing control characters or a trailing slash before adding them to the internal spell word list.
- CVE-2022-3234: guard PBYTE against the cursor landing past the NUL in op_replace() with virtualedit, and skip the virtualedit coladd branch when a replacement has already happened.
- CVE-2022-3520: clamp bopend.col to zero in do_put() to prevent a negative column with Visual block put.
- CVE-2022-3591: disallow navigating to a dummy buffer in do_buffer() to prevent use-after-free.
- References
Affected packages
TuxCare:CentOS:7 / vim-X11
Package
- Name
- vim-X11
- Purl
- pkg:rpm/tuxcare/vim-X11?distro=centos-7
TuxCare:CentOS:7 / vim-common
Package
- Name
- vim-common
- Purl
- pkg:rpm/tuxcare/vim-common?distro=centos-7
TuxCare:CentOS:7 / vim-enhanced
Package
- Name
- vim-enhanced
- Purl
- pkg:rpm/tuxcare/vim-enhanced?distro=centos-7
TuxCare:CentOS:7 / vim-filesystem
Package
- Name
- vim-filesystem
- Purl
- pkg:rpm/tuxcare/vim-filesystem?distro=centos-7