11 results (0.007 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. Se presenta una vulnerabilidad de Puntero no Válido en GNU patch versión 2.7, por medio de la función another_hunk, que causa una denegación de servicio • https://savannah.gnu.org/bugs/?61685 • CWE-763: Release of Invalid Pointer or Reference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. El parche de GNU versiones hasta 2.7.6, contiene una vulnerabilidad de Doble Liberación en free(p_line [p_end]) en la función another_hunk en el archivo pch.c, que puede causar una denegación de servicio por medio de un archivo de parche diseñado. NOTA: este problema se presenta debido a una corrección incompleta para CVE-2018-6952. • https://savannah.gnu.org/bugs/index.php?56683 • CWE-415: Double Free •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. La función do_ed_script en el archivo pch.c en el parche GNU versiones hasta 2.7.6 no bloquea cadenas que comienzan con un carácter !. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html https://access.redhat.com/errata/RHSA-2019:2798 https://access.redhat.com/errata/RHSA-2019:2964 https://access.redhat.com/errata/RHSA-2019:3757 https://access.redhat.com/errata/RHSA-2019:3758 https://access.redhat.com/errata/RHSA-2019:4061 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0 https://github.com/irsl/gnu-patch-vulnerabilities https://seclists. • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.9EPSS: 2%CPEs: 1EXPL: 0

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. En GNU parche hasta 2.7.6, el seguimiento de los enlaces simbólicos es manejado inapropiadamente en determinados casos diferentes a los archivos de entrada. Esto afecta a los archivos inp.c y util.c. GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a https://github.com/irsl/gnu-patch-vulnerabilities https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT https://seclists.org/bugtraq/2019/Aug/29 https://seclists.org/bugtraq/2019/Jul/54 https& • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. Se ha descubierto un problema en versiones anteriores a la 2.7.6 de GNU patch. El acceso fuera de límites en pch_write_line() en pch.c puede conducir a DoS mediante un archivo de entradas manipulado. A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. • http://www.securityfocus.com/bid/103063 https://access.redhat.com/errata/RHSA-2019:2033 https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866 https://usn.ubuntu.com/3624-1 https://usn.ubuntu.com/3624-2 https://access.redhat.com/security/cve/CVE-2016-10713 https://bugzilla.redhat.com/show_bug.cgi?id=1545405 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •