Vulnerability Details CVE-2019-20079
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421
- https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136
- https://packetstormsecurity.com/files/154898
- https://usn.ubuntu.com/4309-1/
- https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421
- https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136
- https://packetstormsecurity.com/files/154898
- https://usn.ubuntu.com/4309-1/
Products affected by CVE-2019-20079
-
cpe:2.3:a:vim:vim:8.1.2121
-
cpe:2.3:a:vim:vim:8.1.2122
-
cpe:2.3:a:vim:vim:8.1.2123
-
cpe:2.3:a:vim:vim:8.1.2124
-
cpe:2.3:a:vim:vim:8.1.2125
-
cpe:2.3:a:vim:vim:8.1.2126
-
cpe:2.3:a:vim:vim:8.1.2127
-
cpe:2.3:a:vim:vim:8.1.2128
-
cpe:2.3:a:vim:vim:8.1.2129
-
cpe:2.3:a:vim:vim:8.1.2130
-
cpe:2.3:a:vim:vim:8.1.2131
-
cpe:2.3:a:vim:vim:8.1.2132
-
cpe:2.3:a:vim:vim:8.1.2133
-
cpe:2.3:a:vim:vim:8.1.2134
-
cpe:2.3:a:vim:vim:8.1.2135
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:19.10