CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.6 High
Confidence: High

EPSS: 0.016 Low
Percentile: 87.5%

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed-style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html
access.redhat.com/errata/RHSA-2019:2798
access.redhat.com/errata/RHSA-2019:2964
access.redhat.com/errata/RHSA-2019:3757
access.redhat.com/errata/RHSA-2019:3758
access.redhat.com/errata/RHSA-2019:4061
git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
github.com/irsl/gnu-patch-vulnerabilities
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/
seclists.org/bugtraq/2019/Aug/29
seclists.org/bugtraq/2019/Jul/54
security-tracker.debian.org/tracker/CVE-2019-13638
security.gentoo.org/glsa/201908-22
security.netapp.com/advisory/ntap-20190828-0001/
www.debian.org/security/2019/dsa-4489