Mercurial Security Vulnerabilities and Issues — Mercurial CVE List

Lucene search

MercurialMercurial

5 matches found

CVE•added 2018/03/14 1:29 p.m.•104 views

CVE-2018-1000132

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

9.1CVSS8.8AI score0.0026EPSS

CVE•added 2018/07/06 12:29 a.m.•84 views

CVE-2018-13347

mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.

9.8CVSS8.9AI score0.00431EPSS

CVE•added 2018/10/04 11:29 p.m.•73 views

CVE-2018-17983

cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

9.1CVSS8.9AI score0.0023EPSS

CVE•added 2018/07/06 12:29 a.m.•69 views

CVE-2018-13348

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

7.5CVSS8.3AI score0.00145EPSS

CVE•added 2018/07/06 12:29 a.m.•66 views

CVE-2018-13346

The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.

7.5CVSS8.3AI score0.00144EPSS