A heap-based buffer overflow in function ins_bs may lead to corruption of sensitive information, a crash, or code execution.
Created vim tracking bugs for this issue:
Affects: fedora-all [bug 2102186]
PoC does not trigger on rhel-8 version, but does not check if the cursor column is more than zero when in replace mode. PoC triggers asan abort with rhel-9 version.