CPE – GNU Patch 2.7.6

CPE Details

GNU Patch 2.7.6

Vendor

gnu

Product

patch

Version

2.7.6

Created

2019-08-05
11h58 +00:00

Modifié

2019-08-05
11h58 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:gnu:patch:2.7.6:::::::*

Informations

Vendor

gnu

Product

patch

Version

2.7.6

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2019-20633	2020-03-25 15h44 +00:00	GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.	5.5	Moyen
CVE-2018-20969	2019-08-16 01h36 +00:00	do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.	7.8	Haute
CVE-2019-13638	2019-07-26 10h22 +00:00	GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.	7.8	Haute
CVE-2019-13636	2019-07-17 18h04 +00:00	In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.	5.9	Moyen
CVE-2018-1000156	2018-04-06 11h00 +00:00	GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.	7.8	Haute
CVE-2018-6951	2018-02-13 18h00 +00:00	An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.	7.5	Haute
CVE-2018-6952	2018-02-13 18h00 +00:00	A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.	7.5	Haute

GNU Patch 2.7.6

CPE Details

CPE Name: cpe:2.3:a:gnu:patch:2.7.6:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:gnu:patch:2.7.6:::::::*