JLSEC-2026-18

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

JLSEC-2026-15

A double free exists in the anotherhunk function in pch.c in GNU patch through 2.7.6...

MiracleLinux 7 : patch-2.7.1-11.el7 (AXSA:2019-3967:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3967:01 advisory. patch: Out-of-bounds access in pchwriteline function in pch.c CVE-2016-10713 patch: Double free of memory in pch.c:anotherhunk causes a crash...

EUVD-2019-11172

Malware in sbrugna...

GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.

...

Linux Distros Unpatched Vulnerability : CVE-2019-20633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted...

SUSE-SU-2025:20075-1 Security update for patch

This update for patch fixes the following issues: - CVE-2019-20633: Fix double-free/OOB read in pch.c bsc1167721...

SUSE-SU-2024:2704-1 Security update for patch

This update for patch fixes the following issues: - CVE-2019-20633: Fixed double-free/OOB read in pch.c bsc1167721...

SUSE CVE-2018-6951

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuitdifftype function in pch.c, aka a "mangled rename" issue...

EulerOS 2.0 SP3 : patch (EulerOS-SA-2021-1827)

According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of...

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 but the ! syntax is specific to ed and is unrelated to a shell metacharacter.

...

EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2020-1346)

According to the versions of the python3 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon laun...

CVE-2019-20633

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

GNU patch resource management error vulnerability

GNU patch is a set of tools from the GNU Project for generating patch files. A resource management error vulnerability exists in the 'anotherhunk' function of the pch.c file in GNU patch 2.7.6 and earlier. An attacker can exploit this vulnerability to cause a denial of service with a specially...

AZL-6791 CVE-2019-20633 affecting package patch 2.7.6-8

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

CVE-2019-20633

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

CVE-2019-20633

CVE-2019-20633 affects GNU patch up to version 2.7.6. The vulnerability is a use-after-free in the function pch.c (another_hunk) caused by a faulty memory free (free(p_line[p_end])), which can enable denial of service via a crafted patch file. The issue is noted as stemming from an incomplete fix...

CVE-2019-20633

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

NewStart CGSL CORE 5.04 / MAIN 5.04 : patch Multiple Vulnerabilities (NS-SA-2019-0223)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has patch packages installed that are affected by multiple vulnerabilities: - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style...

RHEL 7 : patch (RHSA-2019:3758)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3758 advisory. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes...