CVE-2018-20786

libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Libvterm	Leonerd	*	0+bzr726 (including)
Libvterm	Ubuntu	bionic	*
Libvterm	Ubuntu	cosmic	*
Libvterm	Ubuntu	devel	*
Libvterm	Ubuntu	disco	*
Libvterm	Ubuntu	eoan	*
Libvterm	Ubuntu	esm-apps/bionic	*
Libvterm	Ubuntu	esm-apps/focal	*
Libvterm	Ubuntu	esm-apps/jammy	*
Libvterm	Ubuntu	esm-apps/noble	*
Libvterm	Ubuntu	focal	*
Libvterm	Ubuntu	groovy	*
Libvterm	Ubuntu	hirsute	*
Libvterm	Ubuntu	impish	*
Libvterm	Ubuntu	jammy	*
Libvterm	Ubuntu	kinetic	*
Libvterm	Ubuntu	lunar	*
Libvterm	Ubuntu	mantic	*
Libvterm	Ubuntu	noble	*
Libvterm	Ubuntu	oracular	*
Libvterm	Ubuntu	plucky	*
Libvterm	Ubuntu	questing	*
Vim	Ubuntu	bionic	*
Vim	Ubuntu	cosmic	*
Vim	Ubuntu	disco	*
Vim	Ubuntu	esm-infra/bionic	*
Vim	Ubuntu	upstream	*

Potential Mitigations

References

https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
https://github.com/vim/vim/issues/3711
https://usn.ubuntu.com/4309-1/
https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
https://github.com/vim/vim/issues/3711
https://usn.ubuntu.com/4309-1/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-20786
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References