PT-2026-5035

Name of the Vulnerable Software and Affected Versions Meshtastic versions prior to 2.7.6.834c3c5 Description Meshtastic is a mesh networking solution where nodes are identified by their NodeID, derived from the MAC address, rather than their public key. This design flaw allows an attacker to forg...

Advisory ROSA-SA-2024-2468

software: patch 2.7.6 OS: ROSA-CHROME packageevrstring: patch-2.7.6-5 CVE-ID: CVE-2018-6951 BDU-ID: 2023-01652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the intuitdifftype function of the pch.c component of the Patch edit transfer program is related to pointer dereferencing errors. Exploitatio...

CVE-2018-20969 affecting package patch for versions less than 2.7.6-9

CVE-2018-20969 affecting package patch for versions less than 2.7.6-9. A patched version of the package is available...

CVE-2018-6952 affecting package patch for versions less than 2.7.6-9

CVE-2018-6952 affecting package patch for versions less than 2.7.6-9. A patched version of the package is available...

CVE-2018-1000156 affecting package patch for versions less than 2.7.6-9

CVE-2018-1000156 affecting package patch for versions less than 2.7.6-9. A patched version of the package is available...

CVE-2018-6951 affecting package patch for versions less than 2.7.6-9

CVE-2018-6951 affecting package patch for versions less than 2.7.6-9. A patched version of the package is available...

Denial Of Service (DoS)

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

CVE-2018-20969 affecting package patch 2.7.6-7

CVE-2018-20969 affecting package patch 2.7.6-7. A patched version of the package is available...

CVE-2019-13638 affecting package patch 2.7.6-7

CVE-2019-13638 affecting package patch 2.7.6-7. A patched version of the package is available...

CVE-2018-6952 affecting package patch 2.7.6-7

CVE-2018-6952 affecting package patch 2.7.6-7. A patched version of the package is available...

CVE-2019-20633

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

GLSA-201908-22 : Patch: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201908-22 Patch: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers referenced below for details. Impact : A local attacker could pass a specially crafted diff file t...

CVE-2018-20969

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...

GLSA-201904-17 : Patch: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201904-17 Patch: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...

Patch: Multiple vulnerabilities

Background Patch takes a patch file containing a difference listing produced by the diff program and applies those differences to one or more original files, producing patched versions. Description Multiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers reference...

EulerOS Virtualization 2.5.1 : patch (EulerOS-SA-2018-1378)

According to the version of the patch package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM...

EulerOS 2.0 SP2 : patch (EulerOS-SA-2018-1147)

According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed ca...

CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...