
CVE-2021-45261
https://notcve.org/view.php?id=CVE-2021-45261
22 Dec 2021 — An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. • https://savannah.gnu.org/bugs/?61685 • CWE-763: Release of Invalid Pointer or Reference

CVE-2019-20633
https://notcve.org/view.php?id=CVE-2019-20633
25 Mar 2020 — GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. • https://savannah.gnu.org/bugs/index.php?56683 • CWE-415: Double Free

CVE-2018-20969 – patch: do_ed_script in pch.c does not block strings beginning with a ! character
https://notcve.org/view.php?id=CVE-2018-20969
16 Aug 2019 — do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. • https://packetstorm.news/files/id/154124 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-13636 – patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files
https://notcve.org/view.php?id=CVE-2019-13636
17 Jul 2019 — In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. USN-4071-1 fixed several vulnerabilities in Patch. • https://packetstorm.news/files/id/154124 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2018-6951 – Gentoo Linux Security Advisory 201904-17
https://notcve.org/view.php?id=CVE-2018-6951
13 Feb 2018 — An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. • http://www.securityfocus.com/bid/103044 • CWE-476: NULL Pointer Dereference

CVE-2016-10713 – patch: Out-of-bounds access in pch_write_line function in pch.c
https://notcve.org/view.php?id=CVE-2016-10713
13 Feb 2018 — An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. • http://www.securityfocus.com/bid/103063 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read

CVE-2018-6952 – patch: Double free of memory in pch.c:another_hunk() causes a crash
https://notcve.org/view.php?id=CVE-2018-6952
13 Feb 2018 — A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches. The patch program applies diff files to originals. • http://www.securityfocus.com/bid/103047 • CWE-415: Double Free • CWE-416: Use After Free

CVE-2015-1396 – Ubuntu Security Notice USN-2651-1
https://notcve.org/view.php?id=CVE-2015-1396
22 Jun 2015 — A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. • http://www.openwall.com/lists/oss-security/2015/01/27/29 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2014-9637 – Mandriva Linux Security Advisory 2015-138
https://notcve.org/view.php?id=CVE-2014-9637
02 Mar 2015 — GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the p... • http://advisories.mageia.org/MGASA-2015-0068.html • CWE-399: Resource Management Errors

CVE-2015-1395 – Mandriva Linux Security Advisory 2015-138
https://notcve.org/view.php?id=CVE-2015-1395
02 Mar 2015 — Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')