Description
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05!
method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflows and a subsequent decryption call reads far past the end of the input buffer, crashing Vim. This vulnerability is fixed in 9.2.0671.
Published: 2026-06-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Vim processes files encrypted with the VimCrypt~04! or VimCrypt~05! methods using the +sodium encryption feature. When such a file is shorter than one libsodium secretstream header, the length calculation underflows. The decryption routine then reads beyond the input buffer, causing Vim to crash. This bug is an unsigned integer underflow (CWE‑125) with potential signed integer conversion issues (CWE‑191) and provides a denial‑of‑service path.

Affected Systems

The flaw applies to the Vim editor on all platforms when the +sodium feature is enabled and the VimCrypt~04! or VimCrypt~05! methods are used. Versions released before 9.2.0671 are vulnerable. The vulnerability was fixed in release 9.2.0671.

Risk and Exploitability

The CVSS v3.1 score of 5.5 indicates moderate severity. An EPSS value is not published, and the flaw is not part of CISA’s KEV list. The attack vector requires a locally crafted encrypted file to be opened by a user or a process running Vim. By presenting an encrypted file whose size is shorter than a full libsodium secretstream header, an attacker can trigger a crash. Because the bug only causes a crash, the impact is limited to availability, though repeated crashes could be leveraged in a denial‑of‑service attack.

Generated by OpenCVE AI on June 25, 2026 at 16:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Vim to version 9.2.0671 or newer, which includes the fix for the underflow bug.
  • Rebuild or reinstall Vim with the +sodium feature disabled, or avoid using VimCrypt~04! or VimCrypt~05! methods, to prevent the vulnerability from being exercised.
  • Until an upgrade or feature change can be applied, avoid opening or creating VimCrypt~04! or VimCrypt~05! files that are smaller than a full libsodium secretstream header, as this will trigger the crash.

Generated by OpenCVE AI on June 25, 2026 at 16:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8500-1 Vim vulnerabilities
History

Thu, 02 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat
Redhat hummingbird
References
Metrics threat_severity

None

threat_severity

Moderate


Thu, 25 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Vim
Vim vim
Vendors & Products Vim
Vim vim

Thu, 25 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflows and a subsequent decryption call reads far past the end of the input buffer, crashing Vim. This vulnerability is fixed in 9.2.0671.
Title Vim: Out-of-bounds Read with libsodium-encrypted Files
Weaknesses CWE-125
CWE-191
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T15:47:18.346Z

Reserved: 2026-06-24T13:21:20.730Z

Link: CVE-2026-57452

cve-icon Vulnrichment

Updated: 2026-06-25T15:47:15.617Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T15:27:50Z

Links: CVE-2026-57452 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T22:15:04Z

Weaknesses
  • CWE-125

    Out-of-bounds Read

  • CWE-191

    Integer Underflow (Wrap or Wraparound)