5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
patch is vulnerable to privilege escalation. The vulnerability exists as the following of symlinks in inp.c and util.c is mishandled in cases other than input files.
CPE | Name | Operator | Version |
---|---|---|---|
patch | eq | 2.7.6__9.el8_0 | |
patch | eq | 2.7.6__8.el8 | |
patch | eq | 2.7.6__9.el8_0 | |
patch | eq | 2.7.6__8.el8 |
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
access.redhat.com/errata/RHSA-2020:1852
access.redhat.com/security/updates/classification/#moderate
git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
lists.debian.org/debian-lts-announce/2019/07/msg00016.html
seclists.org/bugtraq/2019/Jul/54
usn.ubuntu.com/4071-1/
usn.ubuntu.com/4071-2/
www.debian.org/security/2019/dsa-4489
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P