271 matches found
SUSE CVE-2018-6951
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuitdifftype function in pch.c, aka a "mangled rename" issue...
SUSE CVE-2018-6952
A double free exists in the anotherhunk function in pch.c in GNU patch through 2.7.6...
SUSE CVE-2018-20969
doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...
SUSE CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
SUSE CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c...
SUSE SLES12 Security Update : patch (SUSE-SU-2022:1932-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1932-1 advisory. - A double free exists in the anotherhunk function in pch.c in GNU patch through 2.7.6. CVE-2018-6952 - In GNU patch through 2.7.6,...
SUSE SLED15 / SLES15 Security Update : patch (SUSE-SU-2022:1925-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1925-1 advisory. - A double free exists in the anotherhunk function in pch.c in GNU patch through 2.7.6. CVE-2018-6952 - In GNU...
AlmaLinux 8 : patch (ALSA-2020:1852)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:1852 advisory. - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. CVE-2019-13636 Note...
DEBIAN-CVE-2021-45261
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anotherhunk function, which causes a Denial of Service...
CVE-2021-45261
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anotherhunk function, which causes a Denial of Service...
CVE-2021-45261
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anotherhunk function, which causes a Denial of Service...
Null pointer dereference
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anotherhunk function, which causes a Denial of Service...
CVE-2021-45261
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anotherhunk function, which causes a Denial of Service...
UBUNTU-CVE-2021-45261
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anotherhunk function, which causes a Denial of Service...
CVE-2021-45261
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anotherhunk function, which causes a Denial of Service...
CVE-2021-45261
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anotherhunk function, which causes a Denial of Service...
CVE-2021-45261
CVE-2021-45261 describes an Invalid Pointer vulnerability in GNU patch 2.7, exploitable via the another_hunk function to cause a Denial of Service. Connected advisories indicate openSUSE patched to patch-2.8-2.1 (GA media), and multiple advisories list GNU patch 2.7 and the another_hunk path as t...
Advisory ROSA-SA-2021-1946
Software: path 2.7.1 OS: Cobalt 7.9 CVE-ID: CVE-2014-9637 CVE-Crit: MEDIUM CVE-DESC: GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service memory consumption and segmentation error with a crafted diff file. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2015-1196...
Denial Of Service (DoS)
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...
Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2021-1827)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...