33 matches found
JLSEC-2026-12
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
CLEANSTART-2026-NA21773 GNU patch through 2
Multiple security vulnerabilities affect the patch package. GNU patch through 2. See references for individual vulnerability details...
SUSE CVE-2014-9637
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file...
GNU patch security vulnerability
GNU patch is a set of tools used by the GNU community to generate patch files. GNU patch has a denial of service vulnerability in version 2.7, which stems from the existence of an invalid pointer to the Otherhunk function, which can be exploited to cause a denial of service...
PT-2021-24217
Name of the Vulnerable Software and Affected Versions: GNU patch version 2.7 Description: An Invalid Pointer issue exists, which causes a Denial of Service via the another hunk function. Recommendations: For GNU patch version 2.7, consider applying a patch or fix that addresses the another hunk...
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
...
Amazon Linux 2 : patch (ALAS-2019-1317)
doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. CVE-2018-20969 GNU patch through 2.7.6 is vulnerable to OS shell...
CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
EulerOS Virtualization for ARM 64 3.0.2.0 : patch (EulerOS-SA-2019-1922)
According to the versions of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this...
EulerOS 2.0 SP5 : patch (EulerOS-SA-2019-1801)
According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrar...
DEBIAN-CVE-2018-20969
doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...
patch: Out-of-bounds access in pch_write_line function in pch.c
A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files...
patch: Double free of memory in pch.c:another_hunk() causes a crash
A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches...
DEBIAN-CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c...
Arbitrary Code Execution
patch is vulnerable to arbitrary code execution attacks. The vulnerability exists as GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appears to be exploitabl...
Updated patch packages fix security vulnerabilities
A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches (CVE-2018-6951). A double-free flaw was found in the way the patch utility processed patch files. An attacker...
MGASA-2018-0448 Updated patch packages fix security vulnerabilities
A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches (CVE-2018-6951). A double-free flaw was found in the way the patch utility processed patch files. An attacker...
patch: Malicious patch files cause ed to execute arbitrary commands
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
EulerOS 2.0 SP1 : patch (EulerOS-SA-2018-1146)
According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed ca...
CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...