CVE-2018-20786NULL Pointer Dereference in Libvterm

CWE-476NULL Pointer Dereference10 documents7 sources
Severity
7.5HIGHNVD
OSV7.8
EPSS
0.3%
top 44.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
VIMDebian LibvtermDebian VIM+1 more
Timeline
PublishedFeb 24
Latest updateMay 13

Description

libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

debiandebian/libvterm< vim 2:8.1.0693-1 (bookworm)
NVDleonerd/libvterm0\+bzr726
debiandebian/vim< vim 2:8.1.0693-1 (bookworm)
Debianvim/vim< 2:8.1.0693-1+3
Ubuntuvim/vim< 2:7.4.1689-3ubuntu1.4+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-4r6h-327w-8qwr: libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application2022-05-13
OSV
vim vulnerabilities2020-03-23
OSV
CVE-2018-20786: libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application2019-02-24

📋Vendor Advisories

3
Ubuntu
Vim vulnerabilities2020-03-23
Red Hat
libvterm: NULL pointer dereference in vterm_screen_set_callbacks2018-12-24
Debian
CVE-2018-20786: libvterm - libvterm through 0+bzr726, as used in Vim and other products, mishandles certain...2018

💬Community

3
Bugzilla
CVE-2018-20786 libvterm: NULL pointer dereference in vterm_screen_set_callbacks [fedora-all]2019-02-25
Bugzilla
CVE-2018-20786 libvterm: NULL pointer dereference in vterm_screen_set_callbacks [epel-7]2019-02-25
Bugzilla
CVE-2018-20786 libvterm: NULL pointer dereference in vterm_screen_set_callbacks2019-02-25