CVE-2018-20786
HIGHLeonerd Libvterm < 0\+bzr726 - NULL Pointer Dereference
Title source: ruleDescription
libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
Exploit, Third Party Advisory x_refsource_misc
https://github.com/vim/vim/issues/3711
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4309-1/
Scores
CVSS v3
7.5
EPSS
0.0027
EPSS Percentile
50.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
leonerd/libvterm
< 0\+bzr726
Published
Feb 24, 2019
Tracked Since
Feb 18, 2026