3 matches found
CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
Input validation
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
CVE-2015-1418
CVE-2015-1418 affects GNU patch up to 2.7.6 and patch on FreeBSD 10.1–10.2, where the do_ed_script function in pch.c allows remote command execution via a crafted patch file, by passing a ‘!’ to the ed program. Impact is arbitrary command execution with the patch processing utility; details on re...