JLSEC-2026-13

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...

patch: do_ed_script in pch.c does not block strings beginning with a ! character

A flaw was found in GNU patch through version 2.7.6. Strings beginning with a exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...

The vulnerability of the do_ed_script function in the GNU Patch software’s source code (src/pch.c) allows a malicious actor to access confidential information and execute arbitrary commands, due to the lack of measures taken to neutralize special elements used in the operating system’s command syntax.

The vulnerability of the doedscript function in the GNU Patch software lies in its failure to prevent the neutralization of special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to access confidential information and execute arbitrary comman...

DEBIAN-CVE-2018-20969

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...

AZL-35102 CVE-2018-20969 affecting package patch for versions less than 2.7.6-9

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...