Summary
| Detail | |||
|---|---|---|---|
| Vendor | Gnu | First view | 2015-01-21 |
| Product | Patch | Last view | 2020-03-25 |
| Version | 2.7.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:gnu:patch | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2020-03-25 | CVE-2019-20633 | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. |
| 7.5 | 2019-11-25 | CVE-2015-1396 | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. |
| 7.8 | 2019-08-16 | CVE-2018-20969 | do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. |
| 5.9 | 2019-07-17 | CVE-2019-13636 | In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. |
| 7.5 | 2018-02-13 | CVE-2018-6952 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. |
| 7.5 | 2018-02-13 | CVE-2018-6951 | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. |
| 5.5 | 2018-02-13 | CVE-2016-10713 | An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. |
| 7.5 | 2017-08-25 | CVE-2015-1395 | Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. |
| 5.5 | 2017-08-25 | CVE-2014-9637 | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. |
| 4.3 | 2015-01-21 | CVE-2015-1196 | GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (2) | CWE-415 | Double Free |
| 20% (2) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 20% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 10% (1) | CWE-476 | NULL Pointer Dereference |
| 10% (1) | CWE-399 | Resource Management Errors |
| 10% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 10% (1) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c255f16bfe.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-90af6f5b8a.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_791841a3d4844878890992ef9ce424f4.nasl - Type: ACT_GATHER_INFO |
| 2018-10-22 | Name: The remote Fedora host is missing a security update. File: fedora_2018-d547a126e7.nasl - Type: ACT_GATHER_INFO |
| 2018-10-22 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0102.nasl - Type: ACT_GATHER_INFO |
| 2018-10-18 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0189.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0126.nasl - Type: ACT_GATHER_INFO |
| 2018-07-24 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0037.nasl - Type: ACT_GATHER_INFO |
| 2018-02-21 | Name: The remote Fedora host is missing a security update. File: fedora_2018-b127e58641.nasl - Type: ACT_GATHER_INFO |
| 2015-06-23 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-2651-1.nasl - Type: ACT_GATHER_INFO |
| 2015-06-10 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1019-1.nasl - Type: ACT_GATHER_INFO |
| 2015-04-07 | Name: The remote Fedora host is missing a security update. File: fedora_2015-1165.nasl - Type: ACT_GATHER_INFO |
| 2015-03-30 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2015-138.nasl - Type: ACT_GATHER_INFO |
| 2015-03-19 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2015-050.nasl - Type: ACT_GATHER_INFO |
| 2015-02-17 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2015-047-01.nasl - Type: ACT_GATHER_INFO |
| 2015-02-04 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-98.nasl - Type: ACT_GATHER_INFO |
| 2015-02-02 | Name: The remote Fedora host is missing a security update. File: fedora_2015-1134.nasl - Type: ACT_GATHER_INFO |
