CVE-2018-20786
UnknownEPSS 2.97%
Last modified
CVE-2018-20786 is a vulnerability of currently unknown severity. libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.. EPSS estimates a 2.97% chance of exploitation in the next 30 days.
Description
libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Leonerd | Libvterm | <= 0\+bzr726 |
References
- https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8Patch, Third Party Advisory
- https://github.com/vim/vim/issues/3711Exploit, Third Party Advisory
- https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8Patch, Third Party Advisory
- https://github.com/vim/vim/issues/3711Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-20786?
libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.
How severe is CVE-2018-20786?
Severity scoring for CVE-2018-20786 is pending analysis. The EPSS model estimates a 2.97% probability of exploitation in the next 30 days.
How do I fix CVE-2018-20786?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2018-20786?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST