Lucene search
K
GnuPatch

6 matches found

CVE
CVE
added 2018/02/13 7:0 p.m.672 views

CVE-2018-6952

The CVE-2018-6952 entry refers to a double-free vulnerability in the function another_hunk of pch.c in GNU patch up to version 2.7.6. Exploitation could crash the patch utility or cause denial of service. Connected advisories indicate patched versions are available and advisories recommend updati...

7.5CVSS6.2AI score0.08411EPSS
CVE
CVE
added 2018/04/06 1:0 p.m.625 views

CVE-2018-1000156

GNU patch through 2.7.6 is vulnerable to arbitrary command execution when applying ed-style patches. The root cause is insufficient sanitization of the input patch stream, allowing a crafted patch file to cause patch to pass ed-script commands to the editor. This can enable code execution under t...

7.8CVSS7.8AI score0.0556EPSS
CVE
CVE
added 2018/02/13 7:0 p.m.510 views

CVE-2018-6951

GNU patch 2.7.6 and earlier contains a denial-of-service vulnerability in the intu it_diff_type function (pch.c). Exploitation can cause a segmentation fault/NULL-pointer dereference. Remediation is upgrading to a patched release (e.g., 2.7.6-3 or newer as provided by distributions); upstream fix...

7.5CVSS7.1AI score0.08585EPSS
CVE
CVE
added 2017/08/25 6:0 p.m.102 views

CVE-2014-9637

CVE-2014-9637 affects GNU patch up to version 2.7.2 and earlier. The root cause is a crafted diff file triggering a denial of service via memory consumption and a segmentation fault. The vulnerability is cited across multiple advisories (EulerOS, Huawei EulerOS, OpenVAS/Nessus entries) as part of...

7.1CVSS5.7AI score0.02373EPSS
CVE
CVE
added 2017/08/25 6:0 p.m.90 views

CVE-2015-1395

CVE-2015-1395 is a directory traversal vulnerability in GNU patch that affects versions before 2.7.3. An attacker can write to arbitrary files with the permissions of the target user via a .. in a diff file name. The vulnerability is referenced in multiple advisories across Linux distros (e.g., E...

7.8CVSS7.2AI score0.11199EPSS
CVE
CVE
added 2019/11/25 3:44 p.m.71 views

CVE-2015-1396

GNU patch before 2.7.4 is vulnerable to a directory-traversal via a symlink attack in a patch file, allowing remote write of arbitrary files. Root cause: incomplete fix for CVE-2015-1196. Affected: GNU patch (up to 2.7.3). Remediation: upgrade to 2.7.4 or later; no further details provided in the...

7.5CVSS6.2AI score0.03223EPSS