Lucene search

GitHub Advisory DatabaseGHSA-3V62-WW8W-758M

HistoryMay 13, 2022 - 1:24 a.m.

Mercurial Improper Input Validation vulnerability

2022-05-1301:24:55

CWE-20

GitHub Advisory Database

github.com

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.6%

JSON

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

CPENameOperatorVersion
mercuriallt4.6.1

CPE	Name	Operator	Version
	mercurial	lt	4.6.1

References

github.com/advisories/GHSA-3v62-ww8w-758m

lists.debian.org/debian-lts-announce/2020/07/msg00032.html

nvd.nist.gov/vuln/detail/CVE-2018-13348

www.mercurial-scm.org/repo/hg/rev/90a274965de7

www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29