Lucene search
K

4 matches found

CVE
CVE
added 2019/07/26 12:22 p.m.901 views

CVE-2019-13638

CVE-2019-13638 affects GNU patch up to version 2.7.6. It enables OS shell command injection when processing a crafted patch file containing an ed-style diff payload with shell metacharacters; the ed editor need not be present on the target system. Multiple connected advisories confirm vulnerable ...

9.3CVSS7.8AI score0.0453EPSS
CVE
CVE
added 2019/08/16 3:36 a.m.796 views

CVE-2018-20969

CVE-2018-20969 / CVE-2019-13638 (GNU patch) : The vulnerability resides in do_ed_script in pch.c of GNU patch up to version 2.7.6, where do_ed_script does not block strings starting with a ! character when using ed-style payloads. This is tied to an upstream commit shared with CVE-2019-13638 and ...

9.3CVSS7.4AI score0.02706EPSS
CVE
CVE
added 2019/07/17 8:4 p.m.633 views

CVE-2019-13636

CVE-2019-13636 affects GNU patch; the vulnerability arises from mishandling of following symlinks in inp.c and util.c in certain cases beyond input files. Public references describe potential for arbitrary file access/overwrite and, per Debian, shell command injection or escape from the working d...

5.9CVSS6.3AI score0.03927EPSS
CVE
CVE
added 2019/11/25 3:44 p.m.70 views

CVE-2015-1396

GNU patch before 2.7.4 is vulnerable to a directory-traversal via a symlink attack in a patch file, allowing remote write of arbitrary files. Root cause: incomplete fix for CVE-2015-1196. Affected: GNU patch (up to 2.7.3). Remediation: upgrade to 2.7.4 or later; no further details provided in the...

7.5CVSS6.2AI score0.03223EPSS