All the vulnerabilites related to gnu - patch
cve-2015-1396
Vulnerability from cvelistv5
Published
2019-11-25 15:44
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/27/29 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/75358 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1186764 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/75358 | x_refsource_MISC | |
| http://www.ubuntu.com/usn/USN-2651-1 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2015/01/27/29 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
},
{
"name": "75358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75358"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T17:49:38",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
},
{
"name": "75358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/75358"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-1396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
},
{
"name": "75358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75358"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
},
{
"name": "http://www.securityfocus.com/bid/75358",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/75358"
},
{
"name": "http://www.ubuntu.com/usn/USN-2651-1",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"name": "http://www.openwall.com/lists/oss-security/2015/01/27/29",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-1396",
"datePublished": "2019-11-25T15:44:16",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9637
Vulnerability from cvelistv5
Published
2017-08-25 18:00
Modified
2024-08-06 13:47
Severity ?
EPSS score ?
Summary
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://savannah.gnu.org/bugs/?44051 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/01/22/7 | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html | vendor-advisory, x_refsource_FEDORA | |
| http://advisories.mageia.org/MGASA-2015-0068.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/72286 | vdb-entry, x_refsource_BID | |
| https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html | vendor-advisory, x_refsource_FEDORA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1185262 | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-2651-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?44051"
},
{
"name": "[oss-security] 20150122 Re: CVE request: directory traversal flaw in patch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/22/7"
},
{
"name": "FEDORA-2015-1134",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0068.html"
},
{
"name": "72286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72286"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944"
},
{
"name": "FEDORA-2015-1165",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185262"
},
{
"name": "USN-2651-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2651-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T17:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?44051"
},
{
"name": "[oss-security] 20150122 Re: CVE request: directory traversal flaw in patch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/22/7"
},
{
"name": "FEDORA-2015-1134",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0068.html"
},
{
"name": "72286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72286"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944"
},
{
"name": "FEDORA-2015-1165",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185262"
},
{
"name": "USN-2651-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2651-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-9637",
"datePublished": "2017-08-25T18:00:00",
"dateReserved": "2015-01-22T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10713
Vulnerability from cvelistv5
Published
2018-02-13 19:00
Modified
2024-08-06 03:30
Severity ?
EPSS score ?
Summary
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3624-2/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/3624-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/103063 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2019:2033 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:30:20.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3624-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3624-2/"
},
{
"name": "USN-3624-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
},
{
"name": "103063",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103063"
},
{
"name": "RHSA-2019:2033",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3624-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3624-2/"
},
{
"name": "USN-3624-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
},
{
"name": "103063",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103063"
},
{
"name": "RHSA-2019:2033",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3624-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3624-2/"
},
{
"name": "USN-3624-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"name": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866",
"refsource": "MISC",
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
},
{
"name": "103063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103063"
},
{
"name": "RHSA-2019:2033",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10713",
"datePublished": "2018-02-13T19:00:00",
"dateReserved": "2018-02-13T00:00:00",
"dateUpdated": "2024-08-06T03:30:20.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13636
Vulnerability from cvelistv5
Published
2019-07-17 20:04
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
},
{
"name": "[debian-lts-announce] 20190719 [SECURITY] [DLA 1856-1] patch security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
},
{
"name": "USN-4071-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4071-1/"
},
{
"name": "USN-4071-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4071-2/"
},
{
"name": "DSA-4489",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4489"
},
{
"name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"name": "GLSA-201908-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-22"
},
{
"name": "FEDORA-2019-ac709da87f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-05T15:38:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
},
{
"name": "[debian-lts-announce] 20190719 [SECURITY] [DLA 1856-1] patch security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
},
{
"name": "USN-4071-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4071-1/"
},
{
"name": "USN-4071-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4071-2/"
},
{
"name": "DSA-4489",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4489"
},
{
"name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"name": "GLSA-201908-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-22"
},
{
"name": "FEDORA-2019-ac709da87f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a",
"refsource": "MISC",
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
},
{
"name": "[debian-lts-announce] 20190719 [SECURITY] [DLA 1856-1] patch security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
},
{
"name": "USN-4071-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4071-1/"
},
{
"name": "USN-4071-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4071-2/"
},
{
"name": "DSA-4489",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4489"
},
{
"name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"name": "GLSA-201908-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-22"
},
{
"name": "FEDORA-2019-ac709da87f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190828-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
},
{
"name": "https://github.com/irsl/gnu-patch-vulnerabilities",
"refsource": "MISC",
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13636",
"datePublished": "2019-07-17T20:04:00",
"dateReserved": "2019-07-17T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45261
Vulnerability from cvelistv5
Published
2021-12-22 17:12
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://savannah.gnu.org/bugs/?61685 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:20.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?61685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T17:12:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://savannah.gnu.org/bugs/?61685"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.gnu.org/bugs/?61685",
"refsource": "MISC",
"url": "https://savannah.gnu.org/bugs/?61685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45261",
"datePublished": "2021-12-22T17:12:19",
"dateReserved": "2021-12-20T00:00:00",
"dateUpdated": "2024-08-04T04:39:20.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1196
Vulnerability from cvelistv5
Published
2015-01-21 18:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3 | x_refsource_CONFIRM | |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1182154 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/72074 | vdb-entry, x_refsource_BID | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227 | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2015/q1/173 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html | vendor-advisory, x_refsource_SUSE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99967 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
},
{
"name": "72074",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
},
{
"name": "[oss-security] 20150118 Re: CVE request: directory traversal flaw in patch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q1/173"
},
{
"name": "openSUSE-SU-2015:0199",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
},
{
"name": "gnupatch-unspecified-symlink(99967)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
},
{
"name": "72074",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
},
{
"name": "[oss-security] 20150118 Re: CVE request: directory traversal flaw in patch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q1/173"
},
{
"name": "openSUSE-SU-2015:0199",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
},
{
"name": "gnupatch-unspecified-symlink(99967)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
},
{
"name": "72074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72074"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
},
{
"name": "[oss-security] 20150118 Re: CVE request: directory traversal flaw in patch",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/173"
},
{
"name": "openSUSE-SU-2015:0199",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
},
{
"name": "gnupatch-unspecified-symlink(99967)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1196",
"datePublished": "2015-01-21T18:00:00",
"dateReserved": "2015-01-18T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6951
Vulnerability from cvelistv5
Published
2018-02-13 19:00
Modified
2024-08-05 06:17
Severity ?
EPSS score ?
Summary
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3624-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a | x_refsource_MISC | |
| http://www.securityfocus.com/bid/103044 | vdb-entry, x_refsource_BID | |
| https://savannah.gnu.org/bugs/index.php?53132 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201904-17 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3624-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
},
{
"name": "103044",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103044"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/index.php?53132"
},
{
"name": "GLSA-201904-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T19:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3624-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
},
{
"name": "103044",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103044"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://savannah.gnu.org/bugs/index.php?53132"
},
{
"name": "GLSA-201904-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3624-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a",
"refsource": "MISC",
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
},
{
"name": "103044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103044"
},
{
"name": "https://savannah.gnu.org/bugs/index.php?53132",
"refsource": "MISC",
"url": "https://savannah.gnu.org/bugs/index.php?53132"
},
{
"name": "GLSA-201904-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6951",
"datePublished": "2018-02-13T19:00:00",
"dateReserved": "2018-02-13T00:00:00",
"dateUpdated": "2024-08-05T06:17:17.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-20633
Vulnerability from cvelistv5
Published
2020-03-25 16:44
Modified
2024-08-05 02:46
Severity ?
EPSS score ?
Summary
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
References
| ▼ | URL | Tags |
|---|---|---|
| https://savannah.gnu.org/bugs/index.php?56683 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:46:10.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/index.php?56683"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T16:44:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://savannah.gnu.org/bugs/index.php?56683"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.gnu.org/bugs/index.php?56683",
"refsource": "MISC",
"url": "https://savannah.gnu.org/bugs/index.php?56683"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20633",
"datePublished": "2020-03-25T16:44:49",
"dateReserved": "2020-03-25T00:00:00",
"dateUpdated": "2024-08-05T02:46:10.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20969
Vulnerability from cvelistv5
Published
2019-08-16 03:36
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0 | x_refsource_MISC | |
| https://seclists.org/bugtraq/2019/Aug/29 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html | x_refsource_MISC | |
| https://github.com/irsl/gnu-patch-vulnerabilities | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2019:2798 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:2964 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:3757 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:3758 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:4061 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:26.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"name": "RHSA-2019:2798",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
},
{
"name": "RHSA-2019:2964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"name": "RHSA-2019:3757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"name": "RHSA-2019:3758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"name": "RHSA-2019:4061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T13:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"name": "RHSA-2019:2798",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
},
{
"name": "RHSA-2019:2964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"name": "RHSA-2019:3757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"name": "RHSA-2019:3758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"name": "RHSA-2019:4061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0",
"refsource": "MISC",
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"name": "https://github.com/irsl/gnu-patch-vulnerabilities",
"refsource": "MISC",
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"name": "RHSA-2019:2798",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
},
{
"name": "RHSA-2019:2964",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"name": "RHSA-2019:3757",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"name": "RHSA-2019:3758",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"name": "RHSA-2019:4061",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20969",
"datePublished": "2019-08-16T03:36:12",
"dateReserved": "2019-08-15T00:00:00",
"dateUpdated": "2024-08-05T12:19:26.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1395
Vulnerability from cvelistv5
Published
2017-08-25 18:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/72846 | vdb-entry, x_refsource_BID | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html | vendor-advisory, x_refsource_FEDORA | |
| https://savannah.gnu.org/bugs/?44059 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/01/27/28 | mailing-list, x_refsource_MLIST | |
| https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.ubuntu.com/usn/USN-2651-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1184490 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
},
{
"name": "72846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72846"
},
{
"name": "FEDORA-2015-1134",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?44059"
},
{
"name": "[oss-security] 20150127 Re: CVE Request: patch: directory traversal via file rename",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
},
{
"name": "FEDORA-2015-1165",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
},
{
"name": "USN-2651-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T17:57:02",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
},
{
"name": "72846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72846"
},
{
"name": "FEDORA-2015-1134",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?44059"
},
{
"name": "[oss-security] 20150127 Re: CVE Request: patch: directory traversal via file rename",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
},
{
"name": "FEDORA-2015-1165",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
},
{
"name": "USN-2651-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-1395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
},
{
"name": "72846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72846"
},
{
"name": "FEDORA-2015-1134",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
},
{
"name": "https://savannah.gnu.org/bugs/?44059",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?44059"
},
{
"name": "[oss-security] 20150127 Re: CVE Request: patch: directory traversal via file rename",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
},
{
"name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd",
"refsource": "CONFIRM",
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
},
{
"name": "FEDORA-2015-1165",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
},
{
"name": "USN-2651-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-1395",
"datePublished": "2017-08-25T18:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6952
Vulnerability from cvelistv5
Published
2018-02-13 19:00
Modified
2024-08-05 06:17
Severity ?
EPSS score ?
Summary
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://savannah.gnu.org/bugs/index.php?53133 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/103047 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201904-17 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2019:2033 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/index.php?53133"
},
{
"name": "103047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103047"
},
{
"name": "GLSA-201904-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"name": "RHSA-2019:2033",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://savannah.gnu.org/bugs/index.php?53133"
},
{
"name": "103047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103047"
},
{
"name": "GLSA-201904-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"name": "RHSA-2019:2033",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.gnu.org/bugs/index.php?53133",
"refsource": "MISC",
"url": "https://savannah.gnu.org/bugs/index.php?53133"
},
{
"name": "103047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103047"
},
{
"name": "GLSA-201904-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"name": "RHSA-2019:2033",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6952",
"datePublished": "2018-02-13T19:00:00",
"dateReserved": "2018-02-13T00:00:00",
"dateUpdated": "2024-08-05T06:17:17.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13638
Vulnerability from cvelistv5
Published
2019-07-26 12:22
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:57:39.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
},
{
"name": "DSA-4489",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4489"
},
{
"name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"name": "GLSA-201908-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-22"
},
{
"name": "FEDORA-2019-ac709da87f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"name": "RHSA-2019:2798",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
},
{
"name": "RHSA-2019:2964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"name": "RHSA-2019:3757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"name": "RHSA-2019:3758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"name": "RHSA-2019:4061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-03T13:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
},
{
"name": "DSA-4489",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4489"
},
{
"name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"name": "GLSA-201908-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-22"
},
{
"name": "FEDORA-2019-ac709da87f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"name": "RHSA-2019:2798",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
},
{
"name": "RHSA-2019:2964",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"name": "RHSA-2019:3757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"name": "RHSA-2019:3758",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"name": "RHSA-2019:4061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2019-13638",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
},
{
"name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0",
"refsource": "MISC",
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
},
{
"name": "DSA-4489",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4489"
},
{
"name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"name": "GLSA-201908-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-22"
},
{
"name": "FEDORA-2019-ac709da87f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190828-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
},
{
"name": "https://github.com/irsl/gnu-patch-vulnerabilities",
"refsource": "MISC",
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"name": "RHSA-2019:2798",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
},
{
"name": "RHSA-2019:2964",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"name": "RHSA-2019:3757",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"name": "RHSA-2019:3758",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"name": "RHSA-2019:4061",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13638",
"datePublished": "2019-07-26T12:22:43",
"dateReserved": "2019-07-17T00:00:00",
"dateUpdated": "2024-08-04T23:57:39.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1000156
Vulnerability from cvelistv5
Published
2018-04-06 13:00
Modified
2024-08-05 12:33
Severity ?
EPSS score ?
Summary
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/index.php?53566"
},
{
"name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
},
{
"name": "USN-3624-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3624-2/"
},
{
"name": "USN-3624-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/kurtseifried/status/982028968877436928"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
},
{
"name": "RHSA-2018:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2091"
},
{
"name": "RHSA-2018:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2094"
},
{
"name": "RHSA-2018:2093",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2093"
},
{
"name": "RHSA-2018:1200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1200"
},
{
"name": "RHSA-2018:2095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2095"
},
{
"name": "RHSA-2018:1199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1199"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
},
{
"name": "RHSA-2018:2092",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2092"
},
{
"name": "RHSA-2018:2097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2097"
},
{
"name": "RHSA-2018:2096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2096"
},
{
"name": "GLSA-201904-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-04-05T00:00:00",
"datePublic": "2018-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD\u0027s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-16T17:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/index.php?53566"
},
{
"name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
},
{
"name": "USN-3624-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3624-2/"
},
{
"name": "USN-3624-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/kurtseifried/status/982028968877436928"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
},
{
"name": "RHSA-2018:2091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2091"
},
{
"name": "RHSA-2018:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2094"
},
{
"name": "RHSA-2018:2093",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2093"
},
{
"name": "RHSA-2018:1200",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1200"
},
{
"name": "RHSA-2018:2095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2095"
},
{
"name": "RHSA-2018:1199",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1199"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
},
{
"name": "RHSA-2018:2092",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2092"
},
{
"name": "RHSA-2018:2097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2097"
},
{
"name": "RHSA-2018:2096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2096"
},
{
"name": "GLSA-201904-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "4/5/2018 18:20:32",
"ID": "CVE-2018-1000156",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD\u0027s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.gnu.org/bugs/index.php?53566",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/index.php?53566"
},
{
"name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
},
{
"name": "USN-3624-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3624-2/"
},
{
"name": "USN-3624-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"name": "https://twitter.com/kurtseifried/status/982028968877436928",
"refsource": "MISC",
"url": "https://twitter.com/kurtseifried/status/982028968877436928"
},
{
"name": "http://rachelbythebay.com/w/2018/04/05/bangpatch/",
"refsource": "MISC",
"url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
},
{
"name": "RHSA-2018:2091",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2091"
},
{
"name": "RHSA-2018:2094",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2094"
},
{
"name": "RHSA-2018:2093",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2093"
},
{
"name": "RHSA-2018:1200",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1200"
},
{
"name": "RHSA-2018:2095",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2095"
},
{
"name": "RHSA-2018:1199",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1199"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
},
{
"name": "RHSA-2018:2092",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2092"
},
{
"name": "RHSA-2018:2097",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2097"
},
{
"name": "RHSA-2018:2096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2096"
},
{
"name": "GLSA-201904-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"name": "20190816 Details about recent GNU patch vulnerabilities",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000156",
"datePublished": "2018-04-06T13:00:00",
"dateReserved": "2018-04-06T00:00:00",
"dateUpdated": "2024-08-05T12:33:49.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-08-25 18:29
Modified
2024-11-21 02:21
Severity ?
Summary
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 20 | |
| fedoraproject | fedora | 21 | |
| mageia | mageia | 4.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| gnu | patch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B24AD1-B489-4673-9236-3530B01892B4",
"versionEndIncluding": "2.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file."
},
{
"lang": "es",
"value": "GNU parche 2.7.2 y anteriores permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (consumo de memoria y error de segmentaci\u00f3n) mediante un archivo diff manipulado."
}
],
"id": "CVE-2014-9637",
"lastModified": "2024-11-21T02:21:18.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-25T18:29:00.450",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2015-0068.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/22/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72286"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185262"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://savannah.gnu.org/bugs/?44051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2015-0068.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/22/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://savannah.gnu.org/bugs/?44051"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-13 19:29
Modified
2024-11-21 04:11
Severity ?
Summary
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0324E14E-0A19-4B70-B316-19577201C5D8",
"versionEndIncluding": "2.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6."
},
{
"lang": "es",
"value": "Existe una doble liberaci\u00f3n (double free) en la funci\u00f3n another_hunk en pch.c en GNU patch hasta la versi\u00f3n 2.7.6."
}
],
"id": "CVE-2018-6952",
"lastModified": "2024-11-21T04:11:28.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-13T19:29:00.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103047"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/index.php?53133"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/index.php?53133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201904-17"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-25 16:15
Modified
2024-11-21 02:25
Severity ?
Summary
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | patch | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B63198AB-3DEA-4FD8-B23C-DD883AECE1BF",
"versionEndExcluding": "2.7.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Salto de Directorio en el parche GNU versiones anteriores a 2.7.4. Un atacante remoto puede escribir en archivos arbitrarios por medio de un ataque de tipo symlink en un archivo de parche. NOTA: este problema se presenta debido a una soluci\u00f3n incompleta para CVE-2015-1196."
}
],
"id": "CVE-2015-1396",
"lastModified": "2024-11-21T02:25:20.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-25T16:15:12.817",
"references": [
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75358"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75358"
},
{
"source": "security@debian.org",
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"source": "security@debian.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-06 13:29
Modified
2024-11-21 03:39
Severity ?
Summary
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "050A9139-DC81-4789-8FD9-A6EBFB8ED6E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C81647C-9A53-481D-A54C-36770A093F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD\u0027s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time."
},
{
"lang": "es",
"value": "La versi\u00f3n 2.7.6 de GNU Patch contiene una vulnerabilidad de validaci\u00f3n de entradas al procesar archivos patch; espec\u00edficamente la invocaci\u00f3n EDITOR_PROGRAM (usando ed) puede resultar en la ejecuci\u00f3n de c\u00f3digo. el ataque parece ser explotable mediante un archivo patch procesado mediante la utilidad patch. Esto es similar al CVE-2015-1418 de FreeBSD: aunque comparten un ancestro com\u00fan, las bases de c\u00f3digo han divergido con el tiempo."
}
],
"id": "CVE-2018-1000156",
"lastModified": "2024-11-21T03:39:48.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-06T13:29:00.377",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1199"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1200"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2091"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2092"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2093"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2094"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2095"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2096"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2097"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/index.php?53566"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/kurtseifried/status/982028968877436928"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3624-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/index.php?53566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/kurtseifried/status/982028968877436928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3624-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-22 18:15
Modified
2024-11-21 06:32
Severity ?
Summary
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://savannah.gnu.org/bugs/?61685 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://savannah.gnu.org/bugs/?61685 | Exploit, Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AD560EB4-8686-438E-B190-4300CBAC19B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Puntero no V\u00e1lido en GNU patch versi\u00f3n 2.7, por medio de la funci\u00f3n another_hunk, que causa una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-45261",
"lastModified": "2024-11-21T06:32:02.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-22T18:15:08.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/?61685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/?61685"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-763"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-21 18:59
Modified
2024-11-21 02:24
Severity ?
Summary
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "97E3E721-75B2-470D-830F-E4D373AA47B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file."
},
{
"lang": "es",
"value": "El parche de GNU 2.7.1 permite a atacantes remotos escribir a ficheros arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico en un fichero del parche."
}
],
"id": "CVE-2015-1196",
"lastModified": "2024-11-21T02:24:51.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-21T18:59:57.217",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2015/q1/173"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/72074"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2015/q1/173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/72074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-25 18:29
Modified
2024-11-21 02:25
Severity ?
Summary
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 20 | |
| fedoraproject | fedora | 21 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 14.10 | |
| gnu | patch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B24AD1-B489-4673-9236-3530B01892B4",
"versionEndIncluding": "2.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en GNU en versiones de parche que soportan parcheo Git-style en versiones anteriores a la 2.7.3 permite que atacantes remotos escriban en archivos arbitrarios con los permisos del usuario objetivo mediante un \"..\" (dot dot) en el nombre de un archivo diff."
}
],
"id": "CVE-2015-1395",
"lastModified": "2024-11-21T02:25:20.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-25T18:29:00.590",
"references": [
{
"source": "security@debian.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72846"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/?44059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2651-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/?44059"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-26 13:15
Modified
2024-11-21 04:25
Severity ?
Summary
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | patch | 2.7.6 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "050A9139-DC81-4789-8FD9-A6EBFB8ED6E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156."
},
{
"lang": "es",
"value": "RouterOS de Mikrotik anterior a versi\u00f3n 6.44.5 (\u00e1rbol de actualizaciones a largo plazo) es vulnerable al agotamiento de la memoria. Mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada, un atacante remoto autenticado puede bloquear el servidor HTTP y, en algunas circunstancias, reiniciar el sistema. El c\u00f3digo no puede ser inyectado."
}
],
"id": "CVE-2019-13638",
"lastModified": "2024-11-21T04:25:25.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-26T13:15:12.783",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201908-22"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201908-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4489"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-17 21:15
Modified
2024-11-21 04:25
Severity ?
Summary
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0324E14E-0A19-4B70-B316-19577201C5D8",
"versionEndIncluding": "2.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c."
},
{
"lang": "es",
"value": "En GNU parche hasta 2.7.6, el seguimiento de los enlaces simb\u00f3licos es manejado inapropiadamente en determinados casos diferentes a los archivos de entrada. Esto afecta a los archivos inp.c y util.c."
}
],
"id": "CVE-2019-13636",
"lastModified": "2024-11-21T04:25:24.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-17T21:15:11.797",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201908-22"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4071-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4071-2/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2019/dsa-4489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Jul/54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201908-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4071-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4071-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2019/dsa-4489"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-16 04:15
Modified
2024-11-21 04:02
Severity ?
Summary
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0324E14E-0A19-4B70-B316-19577201C5D8",
"versionEndIncluding": "2.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter."
},
{
"lang": "es",
"value": "La funci\u00f3n do_ed_script en el archivo pch.c en el parche GNU versiones hasta 2.7.6 no bloquea cadenas que comienzan con un car\u00e1cter !. NOTA: este es el mismo commit para CVE-2019-13638, pero la sintaxis ! es espec\u00edfica para ed y no est\u00e1 relacionada con un metacar\u00e1cter de shell."
}
],
"id": "CVE-2018-20969",
"lastModified": "2024-11-21T04:02:35.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-16T04:15:09.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-13 19:29
Modified
2024-11-21 02:44
Severity ?
Summary
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F66FFA7-7F17-44BB-80AD-79BCA2DB98F1",
"versionEndExcluding": "2.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en versiones anteriores a la 2.7.6 de GNU patch. El acceso fuera de l\u00edmites en pch_write_line() en pch.c puede conducir a DoS mediante un archivo de entradas manipulado."
}
],
"id": "CVE-2016-10713",
"lastModified": "2024-11-21T02:44:34.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-13T19:29:00.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103063"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3624-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3624-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-25 17:15
Modified
2024-11-21 04:38
Severity ?
Summary
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://savannah.gnu.org/bugs/index.php?56683 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://savannah.gnu.org/bugs/index.php?56683 | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0324E14E-0A19-4B70-B316-19577201C5D8",
"versionEndIncluding": "2.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952."
},
{
"lang": "es",
"value": "El parche de GNU versiones hasta 2.7.6, contiene una vulnerabilidad de Doble Liberaci\u00f3n en free(p_line [p_end]) en la funci\u00f3n another_hunk en el archivo pch.c, que puede causar una denegaci\u00f3n de servicio por medio de un archivo de parche dise\u00f1ado. NOTA: este problema se presenta debido a una correcci\u00f3n incompleta para CVE-2018-6952."
}
],
"id": "CVE-2019-20633",
"lastModified": "2024-11-21T04:38:55.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-25T17:15:14.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/index.php?56683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/index.php?56683"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-13 19:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/103044 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a | Patch, Vendor Advisory | |
| cve@mitre.org | https://savannah.gnu.org/bugs/index.php?53132 | Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201904-17 | ||
| cve@mitre.org | https://usn.ubuntu.com/3624-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103044 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://savannah.gnu.org/bugs/index.php?53132 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201904-17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3624-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | patch | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0324E14E-0A19-4B70-B316-19577201C5D8",
"versionEndIncluding": "2.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue."
},
{
"lang": "es",
"value": "Se ha descubierto un problema hasta la versi\u00f3n 2.7.6 de GNU patch. Hay un fallo de segmentaci\u00f3n, asociado con una desreferencia de puntero NULL, que conduce a una denegaci\u00f3n de servicio (DoS) en la funci\u00f3n intuit_diff_type en pch.c. Esto tambi\u00e9n se conoce como problema \"mangled rename\"."
}
],
"id": "CVE-2018-6951",
"lastModified": "2024-11-21T04:11:28.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-13T19:29:00.510",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103044"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/index.php?53132"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3624-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://savannah.gnu.org/bugs/index.php?53132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201904-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3624-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}