
4 matches found

CVE | added 2018/02/13 7:0 p.m. | 672 views

CVE-2018-6952

The CVE-2018-6952 entry refers to a double-free vulnerability in the function another_hunk of pch.c in GNU patch up to version 2.7.6. Exploitation could crash the patch utility or cause denial of service. Connected advisories indicate patched versions are available and advisories recommend updati...

CVSS 7.5 | AI score 6.2 | EPSS 0.08411

CVE | added 2018/04/06 1:0 p.m. | 625 views

CVE-2018-1000156

GNU patch through 2.7.6 is vulnerable to arbitrary command execution when applying ed-style patches. The root cause is insufficient sanitization of the input patch stream, allowing a crafted patch file to cause patch to pass ed-script commands to the editor. This can enable code execution under t...

CVSS 7.8 | AI score 7.8 | EPSS 0.0556

CVE | added 2018/02/13 7:0 p.m. | 509 views

CVE-2018-6951

GNU patch 2.7.6 and earlier contains a denial-of-service vulnerability in the intuit_diff_type function (pch.c). Exploitation can cause a segmentation fault/NULL-pointer dereference. Remediation is upgrading to a patched release (e.g., 2.7.6-3 or newer as provided by distributions); upstream fix...

CVSS 7.5 | AI score 7.1 | EPSS 0.08585

CVE | added 2018/02/13 7:0 p.m. | 264 views

CVE-2016-10713

CVE-2016-10713 affects GNU patch up to version 2.7.6, with an out-of-bounds access in pch_write_line() in pch.c that can cause a DoS via a crafted patch file. Several connected advisories note fixes/patches (e.g., Oracle Linux ELSA-2019-2033, EulerOS advisories) and reference that the vulnerable ...

CVSS 5.5 | AI score 5.9 | EPSS 0.01588