CVE-2025-26603: heap-use-after-free in function str_to_reg in vim/vim
Published Feb 18, 2025
Affected Software
6 affected components · Fixes available
vim Vim<9.1.1115
debian/vim<=2:8.2.2434-3+deb11u1, <=2:8.2.2434-3+deb11u3, <=2:9.0.1378-2+deb12u2
2:9.1.1230-1
NetApp Hci Compute Node
Microsoft azl3 vim 9.1.0791-4
Microsoft cbl2 vim 9.1.0791-4
Remediation
Event History
Feb 18, 2025
- CVE Published (via MITRE, 07:04 PM)
- Data Sourced (via MITRE, 07:04 PM): Description, Severity, Weakness
- Data Sourced (via NVD, 07:15 PM): Description, Severity, Weakness
- Data Sourced (via NVD, 07:15 PM): Remedy, Affected Software
Feb 27, 2025
- Data Sourced (via Microsoft, 08:00 AM): Description, Severity, Weakness
- Data Sourced (via Microsoft, 08:00 AM): Affected Software
- Updated (via Microsoft, 08:00 AM): Affected Software
- Updated (via Microsoft, 08:00 AM): Description, Severity
Apr 11, 2025
- Data Sourced (via Ubuntu, 06:37 PM): Remedy, Description, Severity, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-26603?
CVE-2025-26603 has a medium severity rating due to its potential for unintended information disclosure.
2. How do I fix CVE-2025-26603?
To fix CVE-2025-26603, upgrade to Vim version 9.1.1116 or later where the vulnerability has been addressed.
3. What are the potential impacts of CVE-2025-26603?
The potential impacts of CVE-2025-26603 include unauthorized access to sensitive information stored in registers.
4. Is CVE-2025-26603 exploitable remotely?
CVE-2025-26603 is not considered exploitable remotely, as it requires local access to the Vim editor.
5. Which versions of Vim are affected by CVE-2025-26603?
CVE-2025-26603 affects Vim versions up to and including 9.1.1115.