4 matches found
CVE-2018-6952
The CVE-2018-6952 entry refers to a double-free vulnerability in the function another_hunk of pch.c in GNU patch up to version 2.7.6. Exploitation could crash the patch utility or cause denial of service. Connected advisories indicate patched versions are available and advisories recommend updati...
CVE-2018-1000156
GNU patch through 2.7.6 is vulnerable to arbitrary command execution when applying ed-style patches. The root cause is insufficient sanitization of the input patch stream, allowing a crafted patch file to cause patch to pass ed-script commands to the editor. This can enable code execution under t...
CVE-2018-6951
GNU patch 2.7.6 and earlier contains a denial-of-service vulnerability in the intu it_diff_type function (pch.c). Exploitation can cause a segmentation fault/NULL-pointer dereference. Remediation is upgrading to a patched release (e.g., 2.7.6-3 or newer as provided by distributions); upstream fix...
CVE-2016-10713
CVE-2016-10713 affects GNU patch up to version 2.7.6, with an out-of-bounds access in pch_write_line() in pch.c that can cause a DoS via a crafted patch file. Several connected advisories note fixes/patches (e.g., Oracle Linux ELSA-2019-2033, EulerOS advisories) and reference that the vulnerable ...