2 matches found
CVE-2014-9637
CVE-2014-9637 affects GNU patch version 2.7.2 and earlier. A crafted diff file can trigger a denial of service through memory consumption and a segmentation fault. The vulnerability is cited across multiple advisories (EulerOS, Huawei EulerOS, OpenVAS/Nessus entries) as part of...
CVE-2015-1395
CVE-2015-1395 is a directory traversal vulnerability in GNU patch that affects versions before 2.7.3. An attacker can write to arbitrary files with the permissions of the target user via a .. in a diff file name. The vulnerability is referenced in multiple advisories across Linux distros (e.g., E...