CVE-2026-32249NULL Pointer Dereference in VIM

CWE-476NULL Pointer Dereference19 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
VIMDebian VIMMsrc Azl3 VIM 9.2.0088-1 ON Azure Linux 3.0+1 more
Timeline
PublishedMar 12
Latest updateApr 13

Description

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDvim/vim9.1.00119.1.0137
debiandebian/vim< vim 2:9.2.0218-1 (forky)
Debianvim/vim< 2:9.2.0218-1
CVEListV5vim/vim>= 9.1.0011, < 9.2.0137

Patches

Patch: github.com

🔴Vulnerability Details

1
OSV
CVE-2026-32249: Vim is an open source, command line text editor2026-03-12

📋Vendor Advisories

4
Ubuntu
Vim vulnerabilities2026-04-13
Red Hat
vim: NFA regex engine NULL pointer dereference2026-03-12
Microsoft
NFA regex engine NULL pointer dereference affects Vim < 9.2.01372026-03-10
Debian
CVE-2026-32249: vim - Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.013...2026

🕵️Threat Intelligence

13
Wiz
CVE-2026-34714 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-28422 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-28419 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-25749 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-28420 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-32249 — NULL Pointer Dereference in VIM | cvebase