{"id":"CLSA-2026-1777476716","summary":"vim: Fix of 8 CVEs","details":"- CVE-2021-4019: replace the unbounded STRCPY pair in find_help_tags()\n  with vim_snprintf bounded by IOSIZE to prevent heap buffer overflow\n  with long :help arguments starting with \"\\%_z@\".\n- CVE-2021-4192: re-fetch regline/reginput via reg_getline() after\n  getvvcol() in reg_match_visual() so the cached line pointer cannot\n  become a use-after-free when getvvcol flushes the line buffer.\n- CVE-2021-4193: clamp pos-\u003ecol to the first NUL in getvcol() so\n  /\\%V searches cannot read past the end of the line.\n- CVE-2022-1720: in get_visual_text(), drop a trailing NUL from\n  non-mbyte selection length and guard the mbyte correction with\n  *lenp \u003e 0 so \"gf\" in Visual block mode does not read past the line.\n- CVE-2022-2126: also require sp-\u003ets_fidx \u003e 0 before decrementing\n  ts_fidx in the DIFF_INSERT branch of suggest_trie_walk() so spell\n  suggestion cannot read before the start of the bad-word buffer.\n- CVE-2022-2210: initialise off = 0 at the top of the deleted \u003e 0\n  branch of diff_mark_adjust_tp() and only compute the real offset in\n  the \"5. delete lines at or just before top of diff\" case, so a\n  diff-block full-delete does not use a stale offset.\n- CVE-2022-2285: place a NUL terminator at tp[len] before key-name\n  matching in check_termcode() so crafted typeahead cannot be read\n  past the end of the buffer.\n- CVE-2022-2345: always vim_strsave(newsub) into reg_prev_sub in\n  regtilde() and track an allocated regtilde result in sub_copy in\n  do_sub() so a recursive :s cannot use freed memory.","modified":"2026-05-27T11:18:28.146790192Z","published":"2026-05-06T08:12:06Z","upstream":["CVE-2021-4019","CVE-2021-4192","CVE-2021-4193","CVE-2022-1720","CVE-2022-2126","CVE-2022-2210","CVE-2022-2285","CVE-2022-2345"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/oraclelinux7els/CLSA-2026-1777476716.html"}],"affected":[{"package":{"name":"vim-X11","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/vim-X11?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:7.4.629-8.0.1.el7_9.tuxcare.els7"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1777476716.json"}},{"package":{"name":"vim-common","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/vim-common?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:7.4.629-8.0.1.el7_9.tuxcare.els7"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1777476716.json"}},{"package":{"name":"vim-enhanced","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/vim-enhanced?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:7.4.629-8.0.1.el7_9.tuxcare.els7"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1777476716.json"}},{"package":{"name":"vim-filesystem","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/vim-filesystem?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:7.4.629-8.0.1.el7_9.tuxcare.els7"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1777476716.json"}},{"package":{"name":"vim-minimal","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/vim-minimal?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:7.4.629-8.0.1.el7_9.tuxcare.els7"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1777476716.json"}}],"schema_version":"1.7.5"}