Patch Security Vulnerabilities and Issues — Patch CVE List

Lucene search

GnuPatch

6 matches found

CVE•added 2018/02/13 7:29 p.m.•574 views

CVE-2018-6952

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

7.5CVSS6.2AI score0.12995EPSS

CVE•added 2018/04/06 1:29 p.m.•528 views

CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE...

7.8CVSS7.8AI score0.43395EPSS

CVE•added 2018/02/13 7:29 p.m.•412 views

CVE-2018-6951

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

7.5CVSS7.1AI score0.23554EPSS

CVE•added 2017/08/25 6:29 p.m.•67 views

CVE-2014-9637

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

7.1CVSS5.7AI score0.00378EPSS

CVE•added 2017/08/25 6:29 p.m.•66 views

CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

7.8CVSS7.2AI score0.01515EPSS

CVE•added 2019/11/25 4:15 p.m.•53 views

CVE-2015-1396

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

7.5CVSS6.2AI score0.03663EPSS