6 matches found
CVE-2018-6952
The CVE-2018-6952 entry refers to a double-free vulnerability in the function another_hunk of pch.c in GNU patch up to version 2.7.6. Exploitation could crash the patch utility or cause denial of service. Connected advisories indicate patched versions are available and advisories recommend updati...
CVE-2018-1000156
GNU patch through 2.7.6 is vulnerable to arbitrary command execution when applying ed-style patches. The root cause is insufficient sanitization of the input patch stream, allowing a crafted patch file to cause patch to pass ed-script commands to the editor. This can enable code execution under t...
CVE-2018-6951
GNU patch 2.7.6 and earlier contains a denial-of-service vulnerability in the intu it_diff_type function (pch.c). Exploitation can cause a segmentation fault/NULL-pointer dereference. Remediation is upgrading to a patched release (e.g., 2.7.6-3 or newer as provided by distributions); upstream fix...
CVE-2014-9637
CVE-2014-9637 affects GNU patch up to version 2.7.2 and earlier. The root cause is a crafted diff file triggering a denial of service via memory consumption and a segmentation fault. The vulnerability is cited across multiple advisories (EulerOS, Huawei EulerOS, OpenVAS/Nessus entries) as part of...
CVE-2015-1395
CVE-2015-1395 is a directory traversal vulnerability in GNU patch that affects versions before 2.7.3. An attacker can write to arbitrary files with the permissions of the target user via a .. in a diff file name. The vulnerability is referenced in multiple advisories across Linux distros (e.g., E...
CVE-2015-1396
GNU patch before 2.7.4 is vulnerable to a directory-traversal via a symlink attack in a patch file, allowing remote write of arbitrary files. Root cause: incomplete fix for CVE-2015-1196. Affected: GNU patch (up to 2.7.3). Remediation: upgrade to 2.7.4 or later; no further details provided in the...