Impact
Vim processes files encrypted with the VimCrypt~04! or VimCrypt~05! methods using the +sodium encryption feature. When such a file is shorter than one libsodium secretstream header, the length calculation underflows. The decryption routine then reads beyond the input buffer, causing Vim to crash. This bug is an unsigned integer underflow (CWE‑125) with potential signed integer conversion issues (CWE‑191) and provides a denial‑of‑service path.
Affected Systems
The flaw applies to the Vim editor on all platforms when the +sodium feature is enabled and the VimCrypt~04! or VimCrypt~05! methods are used. Versions released before 9.2.0671 are vulnerable. The vulnerability was fixed in release 9.2.0671.
Risk and Exploitability
The CVSS v3.1 score of 5.5 indicates moderate severity. An EPSS value is not published, and the flaw is not part of CISA’s KEV list. The attack vector requires a locally crafted encrypted file to be opened by a user or a process running Vim. By presenting an encrypted file whose size is shorter than a full libsodium secretstream header, an attacker can trigger a crash. Because the bug only causes a crash, the impact is limited to availability, though repeated crashes could be leveraged in a denial‑of‑service attack.
OpenCVE Enrichment
Ubuntu USN