CVE-2019-20633
https://notcve.org/view.php?id=CVE-2019-20633
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. El parche de GNU versiones hasta 2.7.6, contiene una vulnerabilidad de Doble Liberación en free(p_line [p_end]) en la función another_hunk en el archivo pch.c, que puede causar una denegación de servicio por medio de un archivo de parche diseñado. NOTA: este problema se presenta debido a una corrección incompleta para CVE-2018-6952. • https://savannah.gnu.org/bugs/index.php?56683 • CWE-415: Double Free •
CVE-2018-20969 – patch: do_ed_script in pch.c does not block strings beginning with a ! character
https://notcve.org/view.php?id=CVE-2018-20969
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. La función do_ed_script en el archivo pch.c en el parche GNU versiones hasta 2.7.6 no bloquea cadenas que comienzan con un carácter !. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html https://access.redhat.com/errata/RHSA-2019:2798 https://access.redhat.com/errata/RHSA-2019:2964 https://access.redhat.com/errata/RHSA-2019:3757 https://access.redhat.com/errata/RHSA-2019:3758 https://access.redhat.com/errata/RHSA-2019:4061 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0 https://github.com/irsl/gnu-patch-vulnerabilities https://seclists. • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-13638 – patch: OS shell command injection when processing crafted patch files
https://notcve.org/view.php?id=CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. RouterOS de Mikrotik anterior a versión 6.44.5 (árbol de actualizaciones a largo plazo) es vulnerable al agotamiento de la memoria. Mediante el envío de una petición HTTP diseñada, un atacante remoto autenticado puede bloquear el servidor HTTP y, en algunas circunstancias, reiniciar el sistema. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html https://access.redhat.com/errata/RHSA-2019:2798 https://access.redhat.com/errata/RHSA-2019:2964 https://access.redhat.com/errata/RHSA-2019:3757 https://access.redhat.com/errata/RHSA-2019:3758 https://access.redhat.com/errata/RHSA-2019:4061 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0 https://github.com/irsl/gnu-patch-vulnerabilities https://lists.fe • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-13636 – patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files
https://notcve.org/view.php?id=CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. En GNU parche hasta 2.7.6, el seguimiento de los enlaces simbólicos es manejado inapropiadamente en determinados casos diferentes a los archivos de entrada. Esto afecta a los archivos inp.c y util.c. GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a https://github.com/irsl/gnu-patch-vulnerabilities https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT https://seclists.org/bugtraq/2019/Aug/29 https://seclists.org/bugtraq/2019/Jul/54 https& • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2018-1000156 – patch: Malicious patch files cause ed to execute arbitrary commands
https://notcve.org/view.php?id=CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. La versión 2.7.6 de GNU Patch contiene una vulnerabilidad de validación de entradas al procesar archivos patch; específicamente la invocación EDITOR_PROGRAM (usando ed) puede resultar en la ejecución de código. el ataque parece ser explotable mediante un archivo patch procesado mediante la utilidad patch. Esto es similar al CVE-2015-1418 de FreeBSD: aunque comparten un ancestro común, las bases de código han divergido con el tiempo. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html http://rachelbythebay.com/w/2018/04/05/bangpatch https://access.redhat.com/errata/RHSA-2018:1199 https://access.redhat.com/errata/RHSA-2018:1200 https://access.redhat.com/errata/RHSA-2018:2091 https://access.redhat.com/errata/RHSA-2018:2092 https://access.redhat.com/errata/RHSA-2018:2093 https://access.redhat.com/errata/RHSA-2018:2094 https://access.redhat.com/errata/RHSA-2018:2095 ht • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •