60 matches found
PYSEC-2020-30
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory beyond allocated bounds via a crafted patch file...
PYSEC-2020-30
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory beyond allocated bounds via a crafted patch file...
CVE-2020-15904
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory beyond allocated bounds via a crafted patch file...
PT-2020-14702 · Bsdiff4 · Bsdiff4
Name of the Vulnerable Software and Affected Versions: bsdiff4 versions prior to 1.2.0 Description: A buffer overflow in the patching routine allows an attacker to write to heap memory beyond allocated bounds via a crafted patch file. Recommendations: For versions prior to 1.2.0, update to versio...
CVE-2019-20633
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
AZL-35107 CVE-2019-20633 affecting package patch 2.7.6-9
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
AZL-6791 CVE-2019-20633 affecting package patch 2.7.6-8
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
ALPINE-CVE-2019-20633
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
CVE-2019-20633
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
CVE-2019-20633
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
Double free
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
CVE-2019-20633
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
CVE-2019-20633
CVE-2019-20633 affects GNU patch up to version 2.7.6. The vulnerability is a use-after-free in the function pch.c (another_hunk) caused by a faulty memory free (free(p_line[p_end])), which can enable denial of service via a crafted patch file. The issue is noted as stemming from an incomplete fix...
CVE-2019-20633
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
MGASA-2020-0093 Updated patch packages fix security vulnerabilities
Updated patch package fixes security vulnerabilities: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. CVE-2019-13636. A vulnerability was found in GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited...
NewStart CGSL CORE 5.05 / MAIN 5.05 : patch Multiple Vulnerabilities (NS-SA-2019-0253)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has patch packages installed that are affected by multiple vulnerabilities: - An issue was discovered in GNU patch before 2.7.6. Out- of-bounds access within pchwriteline in pch.c can possibly lead to DoS via a crafted input...
patch: OS shell command injection when processing crafted patch files
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
kube-apiserver: DoS with crafted patch of type json-patch
A denial of service vulnerability was found in the Kubernetes API server. A remote user, with authorization to apply patches, could exploit this via crafted JSON input, causing excessive consumption of resources and subsequent denial of service...
CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...