ALPINE-CVE-2026-28422

ALPINE-CVE-2026-28422 PUBLISHED CVSS 2.200000047683716 LOW

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.

Risk Scores

CVSS v3.1

2.200000047683716

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.23	vim	9.0.1413-r0, 9.1.1747-r0, 7.4.2028-r0

Timeline

Feb 27, 2026 CVE Published
Mar 1, 2026 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2026-28422 advisory

Open in Interactive Console →