CVE-2018-20786

CVE-2018-20786

Name

CVE-2018-20786

Description

libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://github.com/vim/vim/issues/3711
Patch	https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
UBUNTU	https://usn.ubuntu.com/4309-1/

Type

URI

Exploit

https://github.com/vim/vim/issues/3711

Patch

https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8

UBUNTU

https://usn.ubuntu.com/4309-1/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:leonerd:libvterm::::::::`	libvterm	>= None	<= 0\+bzr726

CPE URI

Source package

Min version

Max version

cpe:2.3:a:leonerd:libvterm:*:*:*:*:*:*:*:*

libvterm

>= None

<= 0\+bzr726

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libvterm	edge-community	0.3.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	edge-community	0.3.2-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	edge-community	0.3.1-r2	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	edge-community	0.3.1-r1	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	edge-community	0.3.1-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	edge-community	0.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	edge-community	0.1.20190920-r1	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	edge-community	0.1.4-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	3.23-community	0.3.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	3.22-community	0.3.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	3.22-community	0.1.4-r0	None	fixed
libvterm	3.21-community	0.1.4-r0	None	fixed
libvterm	3.20-community	0.3.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	3.20-community	0.1.4-r0	None	fixed
libvterm	3.19-community	0.3.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	3.19-community	0.3.2-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	3.19-community	0.1.4-r0	None	fixed
libvterm	3.18-community	0.3.1-r1	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	3.18-community	0.1.4-r0	None	fixed
libvterm	3.17-community	0.3-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
libvterm	3.17-community	0.1.4-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

libvterm

edge-community

0.3.3-r0

Jakub Jirutka <jakub@jirutka.cz>

fixed

libvterm

edge-community