Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.28 bug fix and security update
Details
CVSS v3
6.6
NVD published
2026-02-06 23:15:54
EPSS
<0.1% probability · 0.3th percentile — 2026-04-17
Affected versions
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Summary
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.