CVE-2018-20786 - libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory condi

CVE-2018-20786

Summary

libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.

References

https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
https://github.com/vim/vim/issues/3711
https://usn.ubuntu.com/4309-1/

Vulnerable Configurations

cpe:2.3:a:leonerd:libvterm:*:*:*:*:*:*:*:*
cpe:2.3:a:leonerd:libvterm:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 30-03-2020 - 20:15)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

misc	https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8 https://github.com/vim/vim/issues/3711
ubuntu	USN-4309-1

Last major update

30-03-2020 - 20:15

Published

24-02-2019 - 14:29

Last modified

30-03-2020 - 20:15