Bug 1126750 (CVE-2018-20786)

Summary: VUL-1: CVE-2018-20786: vim: libvterm mishandles certain out-of-memory conditions, leading to a denial of service
Product: [Novell Products] SUSE Security Incidents
Reporter: Robert Frohl <rfrohl>
Component: Incidents
Assignee: Ismail Dönmez <ismail>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: abergmann, atoptsoglou, gboiko, ismail, smash_bz
Version: unspecified
Flags: abergmann: needinfo? (ismail)
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/225335/
Whiteboard: CVSSv3:SUSE:CVE-2018-20786:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) maint:planned:update
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Robert Frohl 2019-02-25 09:19:30 UTC
CVE-2018-20786

libvterm through 0+bzr726, as used in Vim and other products, mishandles certain
out-of-memory conditions, leading to a denial of service (application crash),
related to screen.c, state.c, and vterm.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20786
https://github.com/vim/vim/issues/3711
https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8
Comment 1 Robert Frohl 2019-02-25 09:20:54 UTC
Only treating SUSE:SLE-15:Update as affected. In previous versions of vim, libvterm was not included.