Lucene search
K
GnuPatch

6 matches found

CVE
CVE
added 2019/07/17 8:4 p.m.634 views

CVE-2019-13636

CVE-2019-13636 affects GNU patch; the vulnerability arises from mishandling of following symlinks in inp.c and util.c in certain cases beyond input files. Public references describe potential for arbitrary file access/overwrite and, per Debian, shell command injection or escape from the working d...

5.9CVSS6.3AI score0.03927EPSS
CVE
CVE
added 2020/03/25 4:44 p.m.512 views

CVE-2019-20633

CVE-2019-20633 affects GNU patch up to version 2.7.6. The vulnerability is a use-after-free in the function pch.c (another_hunk) caused by a faulty memory free (free(p_line[p_end])), which can enable denial of service via a crafted patch file. The issue is noted as stemming from an incomplete fix...

5.5CVSS6.2AI score0.00998EPSS
CVE
CVE
added 2018/02/13 7:0 p.m.265 views

CVE-2016-10713

CVE-2016-10713 affects GNU patch up to version 2.7.6, with an out-of-bounds access in pch_write_line() in pch.c that can cause a DoS via a crafted patch file. Several connected advisories note fixes/patches (e.g., Oracle Linux ELSA-2019-2033, EulerOS advisories) and reference that the vulnerable ...

5.5CVSS5.9AI score0.01588EPSS
CVE
CVE
added 2021/12/22 5:12 p.m.91 views

CVE-2021-45261

CVE-2021-45261 describes an Invalid Pointer vulnerability in GNU patch 2.7, exploitable via the another_hunk function to cause a Denial of Service. Connected advisories indicate openSUSE patched to patch-2.8-2.1 (GA media), and multiple advisories list GNU patch 2.7 and the another_hunk path as t...

5.5CVSS5.3AI score0.00705EPSS
CVE
CVE
added 5 days ago13 views

CVE-2026-56288

CVE-2026-56288 affects GNU patch. A NULL pointer dereference can occur while processing specially crafted unified-diff patch files due to improper handling of consecutive end-of-file newline markers, leading to a crash and denial of service. The issue is mitigated by the fixed patch in commit e6d...

5.5CVSS5.9AI score0.00125EPSS
CVE
CVE
added 5 days ago9 views

CVE-2026-56289

CVE-2026-56289 affects GNU patch. The vulnerability is a DoS caused by improper validation of hunk line offsets in unified-diff input, where a crafted patch can specify an extremely large line number, causing an effectively infinite processing loop and high CPU usage, rendering the process unresp...

5.5CVSS5.9AI score0.00125EPSS