Vulnerabilities for 'Patch'

2018-04-06
 
CVE-2018-1000156

CWE-20
 

 
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files; specifically, the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.

 
2018-02-13
 
CVE-2018-6952

CWE-415
 

 
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

 
 
CVE-2018-6951

CWE-476
 

 
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

 
 
CVE-2016-10713

CWE-119
 

 
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.

 
2017-08-25
 
CVE-2015-1395

 

 
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

 
 
CVE-2014-9637

 

 
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

 
2015-01-21
 
CVE-2015-1196

CWE-59
 

 
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

 



Copyright 2019, cxsecurity.com

 
