PublicDateAtUSN: 2019-02-24 14:29:00 UTC
Candidate: CVE-2018-20786
PublicDate: 2019-02-24 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20786
 https://ubuntu.com/security/notices/USN-4309-1
Description:
 libvterm through 0+bzr726, as used in Vim and other products, mishandles
 certain out-of-memory conditions, leading to a denial of service
 (application crash), related to screen.c, state.c, and vterm.c.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/vim/vim/issues/3711
Priority: low
Discovered-by:
Assigned-to: leosilva
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_libvterm:
upstream_libvterm: needs-triage
precise/esm_libvterm: DNE
trusty_libvterm: DNE
trusty/esm_libvterm: DNE
xenial_libvterm: DNE
bionic_libvterm: needed
cosmic_libvterm: ignored (reached end-of-life)
disco_libvterm: ignored (reached end-of-life)
eoan_libvterm: ignored (reached end-of-life)
focal_libvterm: needed
groovy_libvterm: ignored (reached end-of-life)
hirsute_libvterm: ignored (reached end-of-life)
impish_libvterm: needed
jammy_libvterm: needed
devel_libvterm: needed

Patches_vim:
 upstream: https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
upstream_vim: released (2:8.1.0693-1)
precise/esm_vim: not-affected
trusty_vim: not-affected
trusty/esm_vim: not-affected
xenial_vim: not-affected (code not present)
esm-infra/xenial_vim: not-affected (code not present)
bionic_vim: released (2:8.0.1453-1ubuntu1.3)
cosmic_vim: ignored (reached end-of-life)
disco_vim: ignored (reached end-of-life)
eoan_vim: not-affected (2:8.1.0875-4ubuntu1)
focal_vim: not-affected (2:8.1.0875-4ubuntu1)
groovy_vim: not-affected (2:8.1.0875-4ubuntu1)
hirsute_vim: not-affected (2:8.1.0875-4ubuntu1)
impish_vim: not-affected (2:8.1.0875-4ubuntu1)
jammy_vim: not-affected (2:8.1.0875-4ubuntu1)
devel_vim: not-affected (2:8.1.0875-4ubuntu1)