CLSA-2026-1778260679
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778260679.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2026-1778260679
- Upstream
- Published
- 2026-05-08T17:18:06Z
- Modified
- 2026-05-27T11:18:14.857232234Z
- Summary
- vim: Fix of 7 CVEs
- Details
-
- CVE-2021-3875: fix mlget error after search with range; clamp ea->line2 to the buffer length in getaddress() so out-of-range addresses do not produce an out-of-bounds read (ex_docmd.c, upstream patch 8.2.3489)
- CVE-2022-4293: fix crash when dividing the largest negative integer by -1 in numdivide(); detect the LONGMIN / -1 case and clamp the result (typval.c, upstream patch 9.0.0913)
- CVE-2023-48231: fix use-after-free in winclose() when an autocmd closes a previously-validated window; re-check window validity before setting wclosing (window.c, upstream patch 9.0.2106)
- CVE-2023-48235: fix integer overflow in ex address parsing; verify lnum is positive before subtracting from LONGMAX in getaddress() and add elinenumberoutofrange[] in src/errors.h (exdocmd.c + errors.h, upstream patches 8.2.3659 + 9.0.2110)
- CVE-2024-41957: fix use-after-free in tagstackclearentry(); use VIMCLEAR to NULL pointers when freeing the tagstack on winfree (window.c, upstream patch 9.1.0647)
- CVE-2024-43374: fix use-after-free in alistadd(); lock the current window across the buflistadd() autocmd window so its tagstack reference cannot be freed underneath us (arglist.c, upstream patch 9.1.0678)
- CVE-2024-47814: fix use-after-free when closing a buffer; abort doecmd() if the new buffer is marked for deletion via blocked or blockedsplit (ex_cmds.c, upstream patch 9.1.0764)
- References