7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
50.6%
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
mpatch_decode
mpatch.c
github.com/advisories/GHSA-3v62-ww8w-758m
lists.debian.org/debian-lts-announce/2020/07/msg00032.html
nvd.nist.gov/vuln/detail/CVE-2018-13348
www.mercurial-scm.org/repo/hg/rev/90a274965de7
www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29