CVE-2018-6951
https://notcve.org/view.php?id=CVE-2018-6951
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. Se ha descubierto un problema hasta la versión 2.7.6 de GNU patch. Hay un fallo de segmentación, asociado con una desreferencia de puntero NULL, que conduce a una denegación de servicio (DoS) en la función intuit_diff_type en pch.c. Esto también se conoce como problema "mangled rename". • http://www.securityfocus.com/bid/103044 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a https://savannah.gnu.org/bugs/index.php?53132 https://security.gentoo.org/glsa/201904-17 https://usn.ubuntu.com/3624-1 • CWE-476: NULL Pointer Dereference •
CVE-2018-6952 – patch: Double free of memory in pch.c:another_hunk() causes a crash
https://notcve.org/view.php?id=CVE-2018-6952
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. Existe una doble liberación (double free) en la función another_hunk en pch.c en GNU patch hasta la versión 2.7.6. A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches. • http://www.securityfocus.com/bid/103047 https://access.redhat.com/errata/RHSA-2019:2033 https://savannah.gnu.org/bugs/index.php?53133 https://security.gentoo.org/glsa/201904-17 https://access.redhat.com/security/cve/CVE-2018-6952 https://bugzilla.redhat.com/show_bug.cgi?id=1545053 • CWE-415: Double Free CWE-416: Use After Free •