CVE-2026-32249

Published: Mar 12, 2026 Last Modified: Mar 12, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low

Description

AI Translation Available

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0001
Percentile
0,0th
Updated

EPSS Score Trend (Last 4 Days)

476

NULL Pointer Dereference

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory
Applicable Platforms
Languages: C, C#, C++, Go, Java
Likelihood of Exploit: Medium
View CWE Details
https://github.com/vim/vim/commit/36d6e87542cf823d833e451e0…
https://github.com/vim/vim/commit/36d6e87542cf823d833e451e09a90ee429899cec
https://github.com/vim/vim/releases/tag/v9.2.0137
https://github.com/vim/vim/releases/tag/v9.2.0137
https://github.com/vim/vim/security/advisories/GHSA-9phh-42…
https://github.com/vim/vim/security/advisories/GHSA-9phh-423r-778r