271 matches found
Design/Logic Flaw
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c...
CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c...
CVE-2019-13636
CVE-2019-13636 affects GNU patch; the vulnerability arises from mishandling of following symlinks in inp.c and util.c in certain cases beyond input files. Public references describe potential for arbitrary file access/overwrite and, per Debian, shell command injection or escape from the working d...
UBUNTU-CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c...
EulerOS Virtualization 2.5.1 : patch (EulerOS-SA-2018-1378)
According to the version of the patch package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM...
FreeBSD : patch -- multiple vulnerabilities (791841a3-d484-4878-8909-92ef9ce424f4)
NVD reports: An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a 'mangled rename' issue. A double free exists in the another_hunk function in...
Security Bulletin: A vulnerability in patch affects PowerKVM
Summary PowerKVM is affected by a vulnerability in GNU Patch. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-1000156 DESCRIPTION: GNU Patch could allow a remote attacker to execute arbitrary code on the system, caused by an input validation error when processing...
GNU patch 'intuit_diff_type' function denial of service vulnerability
GNU patch is part of the GNU project and is a set of tools for generating patch files. A security vulnerability exists in the 'intuit_diff_type' function of the pch.c file in GNU patch 2.7.6 and earlier. A remote attacker can exploit this vulnerability to cause a denial of service null pointer...
EulerOS 2.0 SP3 : patch (EulerOS-SA-2018-1184)
According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed ca...
patch: Malicious patch files cause ed to execute arbitrary commands
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
PT-2020-10609 · Gnu +2 · Gnu Patch +2
Name of the Vulnerable Software and Affected Versions: GNU patch versions prior to 2.7.7 Description: The issue is related to a Double Free vulnerability in the another_hunk function in pch.c, which can cause a denial of service via a crafted patch file. Recommendations: For GNU patch versions...
EulerOS 2.0 SP2 : patch (EulerOS-SA-2018-1147)
According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed ca...
EulerOS 2.0 SP1 : patch (EulerOS-SA-2018-1146)
According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed ca...
Amazon Linux AMI : patch (ALAS-2018-1008)
Malicious patch files cause ed to execute arbitrary commands GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file...
Important: patch
Issue Overview: Malicious patch files cause ed to execute arbitrary commands GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a...