Search

Find a vulnerability

Search criteria

    30 vulnerabilities found for patch by GNU

    CVE-2026-56289 (GCVE-0-2026-56289)

    Vulnerability from nvd – Published: 2026-07-09 09:29 – Updated: 2026-07-09 12:21 X_Open Source
    VLAI
    Title
    Loop with Unreachable Exit Condition in GNU patch
    Summary
    GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position. This results in excessive CPU consumption and prevents the process from completing. An attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination. This issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    GNU patch Affected: 0 , ≤ 2.8.0 (semver)
    Create a notification for this product.
    Credits
    Michał Majchrowicz (AFINE Team) Marcin Wyczechowski (AFINE Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56289",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:20:43.274659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:21:39.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "patch",
              "repo": "https://cgit.git.savannah.gnu.org/cgit/patch.git/",
              "vendor": "GNU",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Micha\u0142 Majchrowicz (AFINE Team)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Wyczechowski (AFINE Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position.\u003cbr\u003eThis results in excessive CPU consumption and prevents the process from completing.\u003cbr\u003eAn attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003cp\u003eThis issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position.\nThis results in excessive CPU consumption and prevents the process from completing.\nAn attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination.\n\n\n\nThis issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T09:29:22.467Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/07/CVE-2026-56288"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://cgit.git.savannah.gnu.org/cgit/patch.git/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=faba04ef4f2b410257f76c1b9dc85e350929c4b9"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Loop with Unreachable Exit Condition in GNU patch",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2026-56289",
        "datePublished": "2026-07-09T09:29:22.467Z",
        "dateReserved": "2026-06-20T10:58:09.261Z",
        "dateUpdated": "2026-07-09T12:21:39.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56288 (GCVE-0-2026-56288)

    Vulnerability from nvd – Published: 2026-07-09 09:29 – Updated: 2026-07-09 12:57 X_Open Source
    VLAI
    Title
    NULL Pointer Dereference in GNU patch
    Summary
    GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service. This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    GNU patch Affected: 0 , ≤ 2.8.0 (semver)
    Create a notification for this product.
    Credits
    Michał Majchrowicz (AFINE Team) Marcin Wyczechowski (AFINE Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56288",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:57:28.554596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:57:48.785Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "patch",
              "repo": "https://cgit.git.savannah.gnu.org/cgit/patch.git/",
              "vendor": "GNU",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Micha\u0142 Majchrowicz (AFINE Team)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Wyczechowski (AFINE Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing.\u003cbr\u003eAn attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313\u003c/p\u003e"
                }
              ],
              "value": "GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing.\nAn attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.\n\n\n\nThis issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T09:29:07.947Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/07/CVE-2026-56288"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://cgit.git.savannah.gnu.org/cgit/patch.git/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=e6d6a4e021660679d7fc9150f981d4920f722313"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "NULL Pointer Dereference in GNU patch",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2026-56288",
        "datePublished": "2026-07-09T09:29:07.947Z",
        "dateReserved": "2026-06-20T10:58:09.261Z",
        "dateUpdated": "2026-07-09T12:57:48.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-45261 (GCVE-0-2021-45261)

    Vulnerability from nvd – Published: 2021-12-22 17:12 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://savannah.gnu.org/bugs/?61685 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.422Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/?61685"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-22T17:12:19.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://savannah.gnu.org/bugs/?61685"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45261",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://savannah.gnu.org/bugs/?61685",
                  "refsource": "MISC",
                  "url": "https://savannah.gnu.org/bugs/?61685"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45261",
        "datePublished": "2021-12-22T17:12:19.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.422Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-20633 (GCVE-0-2019-20633)

    Vulnerability from nvd – Published: 2020-03-25 16:44 – Updated: 2024-08-05 02:46
    VLAI
    Summary
    GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:46:10.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/index.php?56683"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-25T16:44:49.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://savannah.gnu.org/bugs/index.php?56683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-20633",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://savannah.gnu.org/bugs/index.php?56683",
                  "refsource": "MISC",
                  "url": "https://savannah.gnu.org/bugs/index.php?56683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-20633",
        "datePublished": "2020-03-25T16:44:49.000Z",
        "dateReserved": "2020-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:46:10.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1396 (GCVE-0-2015-1396)

    Vulnerability from nvd – Published: 2019-11-25 15:44 – Updated: 2024-08-06 04:40
    VLAI
    Summary
    A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
    Severity
    No CVSS data available.
    CWE
    • directory traversal
    Assigner
    References
    Date Public
    2015-01-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:40:18.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
              },
              {
                "name": "75358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75358"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75358"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2651-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T17:49:38.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
            },
            {
              "name": "75358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75358"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/75358"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2651-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2015-1396",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
                },
                {
                  "name": "75358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75358"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
                },
                {
                  "name": "http://www.securityfocus.com/bid/75358",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/75358"
                },
                {
                  "name": "http://www.ubuntu.com/usn/USN-2651-1",
                  "refsource": "MISC",
                  "url": "http://www.ubuntu.com/usn/USN-2651-1"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2015/01/27/29",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-1396",
        "datePublished": "2019-11-25T15:44:16.000Z",
        "dateReserved": "2015-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:40:18.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-20969 (GCVE-0-2018-20969)

    Vulnerability from nvd – Published: 2019-08-16 03:36 – Updated: 2024-08-05 12:19
    VLAI
    Summary
    do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:19:26.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
              },
              {
                "name": "20190816 Details about recent GNU patch vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/29"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
              },
              {
                "name": "RHSA-2019:2798",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2798"
              },
              {
                "name": "RHSA-2019:2964",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2964"
              },
              {
                "name": "RHSA-2019:3757",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3757"
              },
              {
                "name": "RHSA-2019:3758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3758"
              },
              {
                "name": "RHSA-2019:4061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:4061"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-03T13:06:03.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
            },
            {
              "name": "20190816 Details about recent GNU patch vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/29"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
            },
            {
              "name": "RHSA-2019:2798",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2798"
            },
            {
              "name": "RHSA-2019:2964",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2964"
            },
            {
              "name": "RHSA-2019:3757",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3757"
            },
            {
              "name": "RHSA-2019:3758",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3758"
            },
            {
              "name": "RHSA-2019:4061",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:4061"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-20969",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0",
                  "refsource": "MISC",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
                },
                {
                  "name": "20190816 Details about recent GNU patch vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/29"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
                },
                {
                  "name": "https://github.com/irsl/gnu-patch-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
                },
                {
                  "name": "RHSA-2019:2798",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2798"
                },
                {
                  "name": "RHSA-2019:2964",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2964"
                },
                {
                  "name": "RHSA-2019:3757",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3757"
                },
                {
                  "name": "RHSA-2019:3758",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3758"
                },
                {
                  "name": "RHSA-2019:4061",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:4061"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-20969",
        "datePublished": "2019-08-16T03:36:12.000Z",
        "dateReserved": "2019-08-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:19:26.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13638 (GCVE-0-2019-13638)

    Vulnerability from nvd – Published: 2019-07-26 12:22 – Updated: 2024-08-04 23:57
    VLAI
    Summary
    GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:57:39.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
              },
              {
                "name": "DSA-4489",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4489"
              },
              {
                "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jul/54"
              },
              {
                "name": "20190816 Details about recent GNU patch vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/29"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
              },
              {
                "name": "GLSA-201908-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-22"
              },
              {
                "name": "FEDORA-2019-ac709da87f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
              },
              {
                "name": "RHSA-2019:2798",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2798"
              },
              {
                "name": "RHSA-2019:2964",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2964"
              },
              {
                "name": "RHSA-2019:3757",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3757"
              },
              {
                "name": "RHSA-2019:3758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3758"
              },
              {
                "name": "RHSA-2019:4061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:4061"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-03T13:06:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
            },
            {
              "name": "DSA-4489",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4489"
            },
            {
              "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jul/54"
            },
            {
              "name": "20190816 Details about recent GNU patch vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/29"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
            },
            {
              "name": "GLSA-201908-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-22"
            },
            {
              "name": "FEDORA-2019-ac709da87f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
            },
            {
              "name": "RHSA-2019:2798",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2798"
            },
            {
              "name": "RHSA-2019:2964",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2964"
            },
            {
              "name": "RHSA-2019:3757",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3757"
            },
            {
              "name": "RHSA-2019:3758",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3758"
            },
            {
              "name": "RHSA-2019:4061",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:4061"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-13638",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2019-13638",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
                },
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0",
                  "refsource": "MISC",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
                },
                {
                  "name": "DSA-4489",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4489"
                },
                {
                  "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jul/54"
                },
                {
                  "name": "20190816 Details about recent GNU patch vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/29"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
                },
                {
                  "name": "GLSA-201908-22",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-22"
                },
                {
                  "name": "FEDORA-2019-ac709da87f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20190828-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
                },
                {
                  "name": "https://github.com/irsl/gnu-patch-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
                },
                {
                  "name": "RHSA-2019:2798",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2798"
                },
                {
                  "name": "RHSA-2019:2964",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2964"
                },
                {
                  "name": "RHSA-2019:3757",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3757"
                },
                {
                  "name": "RHSA-2019:3758",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3758"
                },
                {
                  "name": "RHSA-2019:4061",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:4061"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-13638",
        "datePublished": "2019-07-26T12:22:43.000Z",
        "dateReserved": "2019-07-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:57:39.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13636 (GCVE-0-2019-13636)

    Vulnerability from nvd – Published: 2019-07-17 20:04 – Updated: 2024-08-04 23:57
    VLAI
    Summary
    In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:57:39.470Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
              },
              {
                "name": "[debian-lts-announce] 20190719 [SECURITY] [DLA 1856-1] patch security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
              },
              {
                "name": "USN-4071-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4071-1/"
              },
              {
                "name": "USN-4071-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4071-2/"
              },
              {
                "name": "DSA-4489",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4489"
              },
              {
                "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jul/54"
              },
              {
                "name": "20190816 Details about recent GNU patch vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/29"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
              },
              {
                "name": "GLSA-201908-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-22"
              },
              {
                "name": "FEDORA-2019-ac709da87f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-05T15:38:29.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
            },
            {
              "name": "[debian-lts-announce] 20190719 [SECURITY] [DLA 1856-1] patch security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
            },
            {
              "name": "USN-4071-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4071-1/"
            },
            {
              "name": "USN-4071-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4071-2/"
            },
            {
              "name": "DSA-4489",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4489"
            },
            {
              "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jul/54"
            },
            {
              "name": "20190816 Details about recent GNU patch vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/29"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
            },
            {
              "name": "GLSA-201908-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-22"
            },
            {
              "name": "FEDORA-2019-ac709da87f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-13636",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a",
                  "refsource": "MISC",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
                },
                {
                  "name": "[debian-lts-announce] 20190719 [SECURITY] [DLA 1856-1] patch security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
                },
                {
                  "name": "USN-4071-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4071-1/"
                },
                {
                  "name": "USN-4071-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4071-2/"
                },
                {
                  "name": "DSA-4489",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4489"
                },
                {
                  "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jul/54"
                },
                {
                  "name": "20190816 Details about recent GNU patch vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/29"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
                },
                {
                  "name": "GLSA-201908-22",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-22"
                },
                {
                  "name": "FEDORA-2019-ac709da87f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20190828-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
                },
                {
                  "name": "https://github.com/irsl/gnu-patch-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-13636",
        "datePublished": "2019-07-17T20:04:00.000Z",
        "dateReserved": "2019-07-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:57:39.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000156 (GCVE-0-2018-1000156)

    Vulnerability from nvd – Published: 2018-04-06 13:00 – Updated: 2025-04-14 19:36
    VLAI
    Summary
    GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:33:49.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/index.php?53566"
              },
              {
                "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
              },
              {
                "name": "USN-3624-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3624-2/"
              },
              {
                "name": "USN-3624-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3624-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/kurtseifried/status/982028968877436928"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
              },
              {
                "name": "RHSA-2018:2091",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2091"
              },
              {
                "name": "RHSA-2018:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2094"
              },
              {
                "name": "RHSA-2018:2093",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2093"
              },
              {
                "name": "RHSA-2018:1200",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1200"
              },
              {
                "name": "RHSA-2018:2095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2095"
              },
              {
                "name": "RHSA-2018:1199",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1199"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
              },
              {
                "name": "RHSA-2018:2092",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2092"
              },
              {
                "name": "RHSA-2018:2097",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2097"
              },
              {
                "name": "RHSA-2018:2096",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2096"
              },
              {
                "name": "GLSA-201904-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201904-17"
              },
              {
                "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jul/54"
              },
              {
                "name": "20190816 Details about recent GNU patch vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/29"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-04-05T00:00:00.000Z",
          "datePublic": "2018-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD\u0027s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T19:36:21.263Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://savannah.gnu.org/bugs/index.php?53566"
            },
            {
              "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
            },
            {
              "name": "USN-3624-2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/3624-2/"
            },
            {
              "name": "USN-3624-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/3624-1/"
            },
            {
              "url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
            },
            {
              "name": "RHSA-2018:2091",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2091"
            },
            {
              "name": "RHSA-2018:2094",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2094"
            },
            {
              "name": "RHSA-2018:2093",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2093"
            },
            {
              "name": "RHSA-2018:1200",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1200"
            },
            {
              "name": "RHSA-2018:2095",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2095"
            },
            {
              "name": "RHSA-2018:1199",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1199"
            },
            {
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
            },
            {
              "name": "RHSA-2018:2092",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2092"
            },
            {
              "name": "RHSA-2018:2097",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2097"
            },
            {
              "name": "RHSA-2018:2096",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2096"
            },
            {
              "name": "GLSA-201904-17",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201904-17"
            },
            {
              "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jul/54"
            },
            {
              "name": "20190816 Details about recent GNU patch vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/29"
            },
            {
              "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
            },
            {
              "url": "https://web.archive.org/web/20180405231329/https://twitter.com/kurtseifried/status/982028968877436928"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "4/5/2018 18:20:32",
              "ID": "CVE-2018-1000156",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD\u0027s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://savannah.gnu.org/bugs/index.php?53566",
                  "refsource": "CONFIRM",
                  "url": "https://savannah.gnu.org/bugs/index.php?53566"
                },
                {
                  "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
                },
                {
                  "name": "USN-3624-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3624-2/"
                },
                {
                  "name": "USN-3624-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3624-1/"
                },
                {
                  "name": "https://twitter.com/kurtseifried/status/982028968877436928",
                  "refsource": "MISC",
                  "url": "https://twitter.com/kurtseifried/status/982028968877436928"
                },
                {
                  "name": "http://rachelbythebay.com/w/2018/04/05/bangpatch/",
                  "refsource": "MISC",
                  "url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
                },
                {
                  "name": "RHSA-2018:2091",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2091"
                },
                {
                  "name": "RHSA-2018:2094",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2094"
                },
                {
                  "name": "RHSA-2018:2093",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2093"
                },
                {
                  "name": "RHSA-2018:1200",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1200"
                },
                {
                  "name": "RHSA-2018:2095",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2095"
                },
                {
                  "name": "RHSA-2018:1199",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1199"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
                },
                {
                  "name": "RHSA-2018:2092",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2092"
                },
                {
                  "name": "RHSA-2018:2097",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2097"
                },
                {
                  "name": "RHSA-2018:2096",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2096"
                },
                {
                  "name": "GLSA-201904-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201904-17"
                },
                {
                  "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jul/54"
                },
                {
                  "name": "20190816 Details about recent GNU patch vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/29"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000156",
        "datePublished": "2018-04-06T13:00:00.000Z",
        "dateReserved": "2018-04-06T00:00:00.000Z",
        "dateUpdated": "2025-04-14T19:36:21.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6952 (GCVE-0-2018-6952)

    Vulnerability from nvd – Published: 2018-02-13 19:00 – Updated: 2024-08-05 06:17
    VLAI
    Summary
    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://savannah.gnu.org/bugs/index.php?53133 x_refsource_MISC
    http://www.securityfocus.com/bid/103047 vdb-entryx_refsource_BID
    https://security.gentoo.org/glsa/201904-17 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2019:2033 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:17:17.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/index.php?53133"
              },
              {
                "name": "103047",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103047"
              },
              {
                "name": "GLSA-201904-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201904-17"
              },
              {
                "name": "RHSA-2019:2033",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2033"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://savannah.gnu.org/bugs/index.php?53133"
            },
            {
              "name": "103047",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103047"
            },
            {
              "name": "GLSA-201904-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201904-17"
            },
            {
              "name": "RHSA-2019:2033",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2033"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-6952",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://savannah.gnu.org/bugs/index.php?53133",
                  "refsource": "MISC",
                  "url": "https://savannah.gnu.org/bugs/index.php?53133"
                },
                {
                  "name": "103047",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103047"
                },
                {
                  "name": "GLSA-201904-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201904-17"
                },
                {
                  "name": "RHSA-2019:2033",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2033"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-6952",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:17:17.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6951 (GCVE-0-2018-6951)

    Vulnerability from nvd – Published: 2018-02-13 19:00 – Updated: 2024-08-05 06:17
    VLAI
    Summary
    An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3624-1/ vendor-advisoryx_refsource_UBUNTU
    https://git.savannah.gnu.org/cgit/patch.git/commi… x_refsource_MISC
    http://www.securityfocus.com/bid/103044 vdb-entryx_refsource_BID
    https://savannah.gnu.org/bugs/index.php?53132 x_refsource_MISC
    https://security.gentoo.org/glsa/201904-17 vendor-advisoryx_refsource_GENTOO
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:17:17.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3624-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3624-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
              },
              {
                "name": "103044",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103044"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/index.php?53132"
              },
              {
                "name": "GLSA-201904-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201904-17"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T19:06:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3624-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3624-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
            },
            {
              "name": "103044",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103044"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://savannah.gnu.org/bugs/index.php?53132"
            },
            {
              "name": "GLSA-201904-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201904-17"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-6951",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3624-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3624-1/"
                },
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a",
                  "refsource": "MISC",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
                },
                {
                  "name": "103044",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103044"
                },
                {
                  "name": "https://savannah.gnu.org/bugs/index.php?53132",
                  "refsource": "MISC",
                  "url": "https://savannah.gnu.org/bugs/index.php?53132"
                },
                {
                  "name": "GLSA-201904-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201904-17"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-6951",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:17:17.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-10713 (GCVE-0-2016-10713)

    Vulnerability from nvd – Published: 2018-02-13 19:00 – Updated: 2024-08-06 03:30
    VLAI
    Summary
    An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3624-2/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3624-1/ vendor-advisoryx_refsource_UBUNTU
    https://git.savannah.gnu.org/cgit/patch.git/commi… x_refsource_MISC
    http://www.securityfocus.com/bid/103063 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2019:2033 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:30:20.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3624-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3624-2/"
              },
              {
                "name": "USN-3624-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3624-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
              },
              {
                "name": "103063",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103063"
              },
              {
                "name": "RHSA-2019:2033",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2033"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3624-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3624-2/"
            },
            {
              "name": "USN-3624-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3624-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
            },
            {
              "name": "103063",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103063"
            },
            {
              "name": "RHSA-2019:2033",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2033"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-10713",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3624-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3624-2/"
                },
                {
                  "name": "USN-3624-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3624-1/"
                },
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866",
                  "refsource": "MISC",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
                },
                {
                  "name": "103063",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103063"
                },
                {
                  "name": "RHSA-2019:2033",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2033"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-10713",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:30:20.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1395 (GCVE-0-2015-1395)

    Vulnerability from nvd – Published: 2017-08-25 18:00 – Updated: 2024-08-06 04:40
    VLAI
    Summary
    Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-01-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:40:18.688Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
              },
              {
                "name": "72846",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72846"
              },
              {
                "name": "FEDORA-2015-1134",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/?44059"
              },
              {
                "name": "[oss-security] 20150127 Re: CVE Request: patch: directory traversal via file rename",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
              },
              {
                "name": "FEDORA-2015-1165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
              },
              {
                "name": "USN-2651-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2651-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-25T17:57:02.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
            },
            {
              "name": "72846",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72846"
            },
            {
              "name": "FEDORA-2015-1134",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://savannah.gnu.org/bugs/?44059"
            },
            {
              "name": "[oss-security] 20150127 Re: CVE Request: patch: directory traversal via file rename",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
            },
            {
              "name": "FEDORA-2015-1165",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
            },
            {
              "name": "USN-2651-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2651-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2015-1395",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
                },
                {
                  "name": "72846",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72846"
                },
                {
                  "name": "FEDORA-2015-1134",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
                },
                {
                  "name": "https://savannah.gnu.org/bugs/?44059",
                  "refsource": "CONFIRM",
                  "url": "https://savannah.gnu.org/bugs/?44059"
                },
                {
                  "name": "[oss-security] 20150127 Re: CVE Request: patch: directory traversal via file rename",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
                },
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd",
                  "refsource": "CONFIRM",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
                },
                {
                  "name": "FEDORA-2015-1165",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
                },
                {
                  "name": "USN-2651-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2651-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-1395",
        "datePublished": "2017-08-25T18:00:00.000Z",
        "dateReserved": "2015-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:40:18.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9637 (GCVE-0-2014-9637)

    Vulnerability from nvd – Published: 2017-08-25 18:00 – Updated: 2024-08-06 13:47
    VLAI
    Summary
    GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:47:41.811Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/?44051"
              },
              {
                "name": "[oss-security] 20150122 Re: CVE request: directory traversal flaw in patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/01/22/7"
              },
              {
                "name": "FEDORA-2015-1134",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2015-0068.html"
              },
              {
                "name": "72286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72286"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944"
              },
              {
                "name": "FEDORA-2015-1165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185262"
              },
              {
                "name": "USN-2651-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2651-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-25T17:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://savannah.gnu.org/bugs/?44051"
            },
            {
              "name": "[oss-security] 20150122 Re: CVE request: directory traversal flaw in patch",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/01/22/7"
            },
            {
              "name": "FEDORA-2015-1134",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2015-0068.html"
            },
            {
              "name": "72286",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72286"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944"
            },
            {
              "name": "FEDORA-2015-1165",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185262"
            },
            {
              "name": "USN-2651-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2651-1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-9637",
        "datePublished": "2017-08-25T18:00:00.000Z",
        "dateReserved": "2015-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:47:41.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1196 (GCVE-0-2015-1196)

    Vulnerability from nvd – Published: 2015-01-21 18:00 – Updated: 2024-08-06 04:33
    VLAI
    Summary
    GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-01-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:33:20.718Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
              },
              {
                "name": "72074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72074"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
              },
              {
                "name": "[oss-security] 20150118  Re: CVE request: directory traversal flaw in patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2015/q1/173"
              },
              {
                "name": "openSUSE-SU-2015:0199",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
              },
              {
                "name": "gnupatch-unspecified-symlink(99967)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
            },
            {
              "name": "72074",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72074"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
            },
            {
              "name": "[oss-security] 20150118  Re: CVE request: directory traversal flaw in patch",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2015/q1/173"
            },
            {
              "name": "openSUSE-SU-2015:0199",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
            },
            {
              "name": "gnupatch-unspecified-symlink(99967)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-1196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
                },
                {
                  "name": "72074",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72074"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
                },
                {
                  "name": "[oss-security] 20150118  Re: CVE request: directory traversal flaw in patch",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2015/q1/173"
                },
                {
                  "name": "openSUSE-SU-2015:0199",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
                },
                {
                  "name": "gnupatch-unspecified-symlink(99967)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-1196",
        "datePublished": "2015-01-21T18:00:00.000Z",
        "dateReserved": "2015-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:33:20.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-56289 (GCVE-0-2026-56289)

    Vulnerability from cvelistv5 – Published: 2026-07-09 09:29 – Updated: 2026-07-09 12:21 X_Open Source
    VLAI
    Title
    Loop with Unreachable Exit Condition in GNU patch
    Summary
    GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position. This results in excessive CPU consumption and prevents the process from completing. An attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination. This issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    Impacted products
    Vendor Product Version
    GNU patch Affected: 0 , ≤ 2.8.0 (semver)
    Create a notification for this product.
    Credits
    Michał Majchrowicz (AFINE Team) Marcin Wyczechowski (AFINE Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56289",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:20:43.274659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:21:39.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "patch",
              "repo": "https://cgit.git.savannah.gnu.org/cgit/patch.git/",
              "vendor": "GNU",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Micha\u0142 Majchrowicz (AFINE Team)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Wyczechowski (AFINE Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position.\u003cbr\u003eThis results in excessive CPU consumption and prevents the process from completing.\u003cbr\u003eAn attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003cp\u003eThis issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop while attempting to locate the requested position.\nThis results in excessive CPU consumption and prevents the process from completing.\nAn attacker can trigger this behavior by supplying a malicious patch file, causing the utility to become unresponsive and require manual termination.\n\n\n\nThis issue has been fixed in the commit faba04ef4f2b410257f76c1b9dc85e350929c4b9"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T09:29:22.467Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/07/CVE-2026-56288"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://cgit.git.savannah.gnu.org/cgit/patch.git/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=faba04ef4f2b410257f76c1b9dc85e350929c4b9"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "Loop with Unreachable Exit Condition in GNU patch",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2026-56289",
        "datePublished": "2026-07-09T09:29:22.467Z",
        "dateReserved": "2026-06-20T10:58:09.261Z",
        "dateUpdated": "2026-07-09T12:21:39.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56288 (GCVE-0-2026-56288)

    Vulnerability from cvelistv5 – Published: 2026-07-09 09:29 – Updated: 2026-07-09 12:57 X_Open Source
    VLAI
    Title
    NULL Pointer Dereference in GNU patch
    Summary
    GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service. This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    GNU patch Affected: 0 , ≤ 2.8.0 (semver)
    Create a notification for this product.
    Credits
    Michał Majchrowicz (AFINE Team) Marcin Wyczechowski (AFINE Team)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56288",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:57:28.554596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:57:48.785Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "patch",
              "repo": "https://cgit.git.savannah.gnu.org/cgit/patch.git/",
              "vendor": "GNU",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Micha\u0142 Majchrowicz (AFINE Team)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcin Wyczechowski (AFINE Team)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing.\u003cbr\u003eAn attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313\u003c/p\u003e"
                }
              ],
              "value": "GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing.\nAn attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.\n\n\n\nThis issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T09:29:07.947Z",
            "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
            "shortName": "CERT-PL"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://cert.pl/en/posts/2026/07/CVE-2026-56288"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://cgit.git.savannah.gnu.org/cgit/patch.git/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=e6d6a4e021660679d7fc9150f981d4920f722313"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_open-source"
          ],
          "title": "NULL Pointer Dereference in GNU patch",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "assignerShortName": "CERT-PL",
        "cveId": "CVE-2026-56288",
        "datePublished": "2026-07-09T09:29:07.947Z",
        "dateReserved": "2026-06-20T10:58:09.261Z",
        "dateUpdated": "2026-07-09T12:57:48.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-45261 (GCVE-0-2021-45261)

    Vulnerability from cvelistv5 – Published: 2021-12-22 17:12 – Updated: 2024-08-04 04:39
    VLAI
    Summary
    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://savannah.gnu.org/bugs/?61685 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:39:20.422Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/?61685"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-22T17:12:19.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://savannah.gnu.org/bugs/?61685"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-45261",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://savannah.gnu.org/bugs/?61685",
                  "refsource": "MISC",
                  "url": "https://savannah.gnu.org/bugs/?61685"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-45261",
        "datePublished": "2021-12-22T17:12:19.000Z",
        "dateReserved": "2021-12-20T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:39:20.422Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-20633 (GCVE-0-2019-20633)

    Vulnerability from cvelistv5 – Published: 2020-03-25 16:44 – Updated: 2024-08-05 02:46
    VLAI
    Summary
    GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:46:10.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/index.php?56683"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-25T16:44:49.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://savannah.gnu.org/bugs/index.php?56683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-20633",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://savannah.gnu.org/bugs/index.php?56683",
                  "refsource": "MISC",
                  "url": "https://savannah.gnu.org/bugs/index.php?56683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-20633",
        "datePublished": "2020-03-25T16:44:49.000Z",
        "dateReserved": "2020-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:46:10.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1396 (GCVE-0-2015-1396)

    Vulnerability from cvelistv5 – Published: 2019-11-25 15:44 – Updated: 2024-08-06 04:40
    VLAI
    Summary
    A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
    Severity
    No CVSS data available.
    CWE
    • directory traversal
    Assigner
    References
    Date Public
    2015-01-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:40:18.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
              },
              {
                "name": "75358",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75358"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75358"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2651-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-17T17:49:38.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "name": "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
            },
            {
              "name": "75358",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75358"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/75358"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2651-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2015-1396",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20150127 Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196?",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
                },
                {
                  "name": "75358",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75358"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186764"
                },
                {
                  "name": "http://www.securityfocus.com/bid/75358",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/75358"
                },
                {
                  "name": "http://www.ubuntu.com/usn/USN-2651-1",
                  "refsource": "MISC",
                  "url": "http://www.ubuntu.com/usn/USN-2651-1"
                },
                {
                  "name": "http://www.openwall.com/lists/oss-security/2015/01/27/29",
                  "refsource": "MISC",
                  "url": "http://www.openwall.com/lists/oss-security/2015/01/27/29"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-1396",
        "datePublished": "2019-11-25T15:44:16.000Z",
        "dateReserved": "2015-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:40:18.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-20969 (GCVE-0-2018-20969)

    Vulnerability from cvelistv5 – Published: 2019-08-16 03:36 – Updated: 2024-08-05 12:19
    VLAI
    Summary
    do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:19:26.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
              },
              {
                "name": "20190816 Details about recent GNU patch vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/29"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
              },
              {
                "name": "RHSA-2019:2798",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2798"
              },
              {
                "name": "RHSA-2019:2964",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2964"
              },
              {
                "name": "RHSA-2019:3757",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3757"
              },
              {
                "name": "RHSA-2019:3758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3758"
              },
              {
                "name": "RHSA-2019:4061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:4061"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-03T13:06:03.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
            },
            {
              "name": "20190816 Details about recent GNU patch vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/29"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
            },
            {
              "name": "RHSA-2019:2798",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2798"
            },
            {
              "name": "RHSA-2019:2964",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2964"
            },
            {
              "name": "RHSA-2019:3757",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3757"
            },
            {
              "name": "RHSA-2019:3758",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3758"
            },
            {
              "name": "RHSA-2019:4061",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:4061"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-20969",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0",
                  "refsource": "MISC",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
                },
                {
                  "name": "20190816 Details about recent GNU patch vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/29"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
                },
                {
                  "name": "https://github.com/irsl/gnu-patch-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
                },
                {
                  "name": "RHSA-2019:2798",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2798"
                },
                {
                  "name": "RHSA-2019:2964",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2964"
                },
                {
                  "name": "RHSA-2019:3757",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3757"
                },
                {
                  "name": "RHSA-2019:3758",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3758"
                },
                {
                  "name": "RHSA-2019:4061",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:4061"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-20969",
        "datePublished": "2019-08-16T03:36:12.000Z",
        "dateReserved": "2019-08-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:19:26.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13638 (GCVE-0-2019-13638)

    Vulnerability from cvelistv5 – Published: 2019-07-26 12:22 – Updated: 2024-08-04 23:57
    VLAI
    Summary
    GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:57:39.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
              },
              {
                "name": "DSA-4489",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4489"
              },
              {
                "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jul/54"
              },
              {
                "name": "20190816 Details about recent GNU patch vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/29"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
              },
              {
                "name": "GLSA-201908-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-22"
              },
              {
                "name": "FEDORA-2019-ac709da87f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
              },
              {
                "name": "RHSA-2019:2798",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2798"
              },
              {
                "name": "RHSA-2019:2964",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2964"
              },
              {
                "name": "RHSA-2019:3757",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3757"
              },
              {
                "name": "RHSA-2019:3758",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3758"
              },
              {
                "name": "RHSA-2019:4061",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:4061"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-03T13:06:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
            },
            {
              "name": "DSA-4489",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4489"
            },
            {
              "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jul/54"
            },
            {
              "name": "20190816 Details about recent GNU patch vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/29"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
            },
            {
              "name": "GLSA-201908-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-22"
            },
            {
              "name": "FEDORA-2019-ac709da87f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
            },
            {
              "name": "RHSA-2019:2798",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2798"
            },
            {
              "name": "RHSA-2019:2964",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2964"
            },
            {
              "name": "RHSA-2019:3757",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3757"
            },
            {
              "name": "RHSA-2019:3758",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3758"
            },
            {
              "name": "RHSA-2019:4061",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:4061"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-13638",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2019-13638",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
                },
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0",
                  "refsource": "MISC",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
                },
                {
                  "name": "DSA-4489",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4489"
                },
                {
                  "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jul/54"
                },
                {
                  "name": "20190816 Details about recent GNU patch vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/29"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
                },
                {
                  "name": "GLSA-201908-22",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-22"
                },
                {
                  "name": "FEDORA-2019-ac709da87f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20190828-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
                },
                {
                  "name": "https://github.com/irsl/gnu-patch-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
                },
                {
                  "name": "RHSA-2019:2798",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2798"
                },
                {
                  "name": "RHSA-2019:2964",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2964"
                },
                {
                  "name": "RHSA-2019:3757",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3757"
                },
                {
                  "name": "RHSA-2019:3758",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3758"
                },
                {
                  "name": "RHSA-2019:4061",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:4061"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-13638",
        "datePublished": "2019-07-26T12:22:43.000Z",
        "dateReserved": "2019-07-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:57:39.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13636 (GCVE-0-2019-13636)

    Vulnerability from cvelistv5 – Published: 2019-07-17 20:04 – Updated: 2024-08-04 23:57
    VLAI
    Summary
    In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:57:39.470Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
              },
              {
                "name": "[debian-lts-announce] 20190719 [SECURITY] [DLA 1856-1] patch security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
              },
              {
                "name": "USN-4071-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4071-1/"
              },
              {
                "name": "USN-4071-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4071-2/"
              },
              {
                "name": "DSA-4489",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4489"
              },
              {
                "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jul/54"
              },
              {
                "name": "20190816 Details about recent GNU patch vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/29"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
              },
              {
                "name": "GLSA-201908-22",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201908-22"
              },
              {
                "name": "FEDORA-2019-ac709da87f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-05T15:38:29.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
            },
            {
              "name": "[debian-lts-announce] 20190719 [SECURITY] [DLA 1856-1] patch security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
            },
            {
              "name": "USN-4071-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4071-1/"
            },
            {
              "name": "USN-4071-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4071-2/"
            },
            {
              "name": "DSA-4489",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4489"
            },
            {
              "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jul/54"
            },
            {
              "name": "20190816 Details about recent GNU patch vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/29"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
            },
            {
              "name": "GLSA-201908-22",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201908-22"
            },
            {
              "name": "FEDORA-2019-ac709da87f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-13636",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a",
                  "refsource": "MISC",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a"
                },
                {
                  "name": "[debian-lts-announce] 20190719 [SECURITY] [DLA 1856-1] patch security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html"
                },
                {
                  "name": "USN-4071-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4071-1/"
                },
                {
                  "name": "USN-4071-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4071-2/"
                },
                {
                  "name": "DSA-4489",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4489"
                },
                {
                  "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jul/54"
                },
                {
                  "name": "20190816 Details about recent GNU patch vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/29"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
                },
                {
                  "name": "GLSA-201908-22",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201908-22"
                },
                {
                  "name": "FEDORA-2019-ac709da87f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20190828-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
                },
                {
                  "name": "https://github.com/irsl/gnu-patch-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://github.com/irsl/gnu-patch-vulnerabilities"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-13636",
        "datePublished": "2019-07-17T20:04:00.000Z",
        "dateReserved": "2019-07-17T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:57:39.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000156 (GCVE-0-2018-1000156)

    Vulnerability from cvelistv5 – Published: 2018-04-06 13:00 – Updated: 2025-04-14 19:36
    VLAI
    Summary
    GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:33:49.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/index.php?53566"
              },
              {
                "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
              },
              {
                "name": "USN-3624-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3624-2/"
              },
              {
                "name": "USN-3624-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3624-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/kurtseifried/status/982028968877436928"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
              },
              {
                "name": "RHSA-2018:2091",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2091"
              },
              {
                "name": "RHSA-2018:2094",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2094"
              },
              {
                "name": "RHSA-2018:2093",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2093"
              },
              {
                "name": "RHSA-2018:1200",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1200"
              },
              {
                "name": "RHSA-2018:2095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2095"
              },
              {
                "name": "RHSA-2018:1199",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:1199"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
              },
              {
                "name": "RHSA-2018:2092",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2092"
              },
              {
                "name": "RHSA-2018:2097",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2097"
              },
              {
                "name": "RHSA-2018:2096",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2096"
              },
              {
                "name": "GLSA-201904-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201904-17"
              },
              {
                "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jul/54"
              },
              {
                "name": "20190816 Details about recent GNU patch vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/29"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-04-05T00:00:00.000Z",
          "datePublic": "2018-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD\u0027s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T19:36:21.263Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://savannah.gnu.org/bugs/index.php?53566"
            },
            {
              "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
            },
            {
              "name": "USN-3624-2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/3624-2/"
            },
            {
              "name": "USN-3624-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://usn.ubuntu.com/3624-1/"
            },
            {
              "url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
            },
            {
              "name": "RHSA-2018:2091",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2091"
            },
            {
              "name": "RHSA-2018:2094",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2094"
            },
            {
              "name": "RHSA-2018:2093",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2093"
            },
            {
              "name": "RHSA-2018:1200",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1200"
            },
            {
              "name": "RHSA-2018:2095",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2095"
            },
            {
              "name": "RHSA-2018:1199",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:1199"
            },
            {
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
            },
            {
              "name": "RHSA-2018:2092",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2092"
            },
            {
              "name": "RHSA-2018:2097",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2097"
            },
            {
              "name": "RHSA-2018:2096",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2096"
            },
            {
              "name": "GLSA-201904-17",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201904-17"
            },
            {
              "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jul/54"
            },
            {
              "name": "20190816 Details about recent GNU patch vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/29"
            },
            {
              "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
            },
            {
              "url": "https://web.archive.org/web/20180405231329/https://twitter.com/kurtseifried/status/982028968877436928"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "4/5/2018 18:20:32",
              "ID": "CVE-2018-1000156",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD\u0027s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://savannah.gnu.org/bugs/index.php?53566",
                  "refsource": "CONFIRM",
                  "url": "https://savannah.gnu.org/bugs/index.php?53566"
                },
                {
                  "name": "[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html"
                },
                {
                  "name": "USN-3624-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3624-2/"
                },
                {
                  "name": "USN-3624-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3624-1/"
                },
                {
                  "name": "https://twitter.com/kurtseifried/status/982028968877436928",
                  "refsource": "MISC",
                  "url": "https://twitter.com/kurtseifried/status/982028968877436928"
                },
                {
                  "name": "http://rachelbythebay.com/w/2018/04/05/bangpatch/",
                  "refsource": "MISC",
                  "url": "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
                },
                {
                  "name": "RHSA-2018:2091",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2091"
                },
                {
                  "name": "RHSA-2018:2094",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2094"
                },
                {
                  "name": "RHSA-2018:2093",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2093"
                },
                {
                  "name": "RHSA-2018:1200",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1200"
                },
                {
                  "name": "RHSA-2018:2095",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2095"
                },
                {
                  "name": "RHSA-2018:1199",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:1199"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19"
                },
                {
                  "name": "RHSA-2018:2092",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2092"
                },
                {
                  "name": "RHSA-2018:2097",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2097"
                },
                {
                  "name": "RHSA-2018:2096",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2096"
                },
                {
                  "name": "GLSA-201904-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201904-17"
                },
                {
                  "name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Jul/54"
                },
                {
                  "name": "20190816 Details about recent GNU patch vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/29"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000156",
        "datePublished": "2018-04-06T13:00:00.000Z",
        "dateReserved": "2018-04-06T00:00:00.000Z",
        "dateUpdated": "2025-04-14T19:36:21.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-10713 (GCVE-0-2016-10713)

    Vulnerability from cvelistv5 – Published: 2018-02-13 19:00 – Updated: 2024-08-06 03:30
    VLAI
    Summary
    An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3624-2/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3624-1/ vendor-advisoryx_refsource_UBUNTU
    https://git.savannah.gnu.org/cgit/patch.git/commi… x_refsource_MISC
    http://www.securityfocus.com/bid/103063 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2019:2033 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:30:20.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3624-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3624-2/"
              },
              {
                "name": "USN-3624-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3624-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
              },
              {
                "name": "103063",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103063"
              },
              {
                "name": "RHSA-2019:2033",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2033"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3624-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3624-2/"
            },
            {
              "name": "USN-3624-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3624-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
            },
            {
              "name": "103063",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103063"
            },
            {
              "name": "RHSA-2019:2033",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2033"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-10713",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3624-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3624-2/"
                },
                {
                  "name": "USN-3624-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3624-1/"
                },
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866",
                  "refsource": "MISC",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866"
                },
                {
                  "name": "103063",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103063"
                },
                {
                  "name": "RHSA-2019:2033",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2033"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-10713",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:30:20.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6951 (GCVE-0-2018-6951)

    Vulnerability from cvelistv5 – Published: 2018-02-13 19:00 – Updated: 2024-08-05 06:17
    VLAI
    Summary
    An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3624-1/ vendor-advisoryx_refsource_UBUNTU
    https://git.savannah.gnu.org/cgit/patch.git/commi… x_refsource_MISC
    http://www.securityfocus.com/bid/103044 vdb-entryx_refsource_BID
    https://savannah.gnu.org/bugs/index.php?53132 x_refsource_MISC
    https://security.gentoo.org/glsa/201904-17 vendor-advisoryx_refsource_GENTOO
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:17:17.195Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3624-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3624-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
              },
              {
                "name": "103044",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103044"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/index.php?53132"
              },
              {
                "name": "GLSA-201904-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201904-17"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-17T19:06:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3624-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3624-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
            },
            {
              "name": "103044",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103044"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://savannah.gnu.org/bugs/index.php?53132"
            },
            {
              "name": "GLSA-201904-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201904-17"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-6951",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3624-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3624-1/"
                },
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a",
                  "refsource": "MISC",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a"
                },
                {
                  "name": "103044",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103044"
                },
                {
                  "name": "https://savannah.gnu.org/bugs/index.php?53132",
                  "refsource": "MISC",
                  "url": "https://savannah.gnu.org/bugs/index.php?53132"
                },
                {
                  "name": "GLSA-201904-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201904-17"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-6951",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:17:17.195Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6952 (GCVE-0-2018-6952)

    Vulnerability from cvelistv5 – Published: 2018-02-13 19:00 – Updated: 2024-08-05 06:17
    VLAI
    Summary
    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://savannah.gnu.org/bugs/index.php?53133 x_refsource_MISC
    http://www.securityfocus.com/bid/103047 vdb-entryx_refsource_BID
    https://security.gentoo.org/glsa/201904-17 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2019:2033 vendor-advisoryx_refsource_REDHAT
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:17:17.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/index.php?53133"
              },
              {
                "name": "103047",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103047"
              },
              {
                "name": "GLSA-201904-17",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201904-17"
              },
              {
                "name": "RHSA-2019:2033",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2033"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-06T16:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://savannah.gnu.org/bugs/index.php?53133"
            },
            {
              "name": "103047",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103047"
            },
            {
              "name": "GLSA-201904-17",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201904-17"
            },
            {
              "name": "RHSA-2019:2033",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2033"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-6952",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://savannah.gnu.org/bugs/index.php?53133",
                  "refsource": "MISC",
                  "url": "https://savannah.gnu.org/bugs/index.php?53133"
                },
                {
                  "name": "103047",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103047"
                },
                {
                  "name": "GLSA-201904-17",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201904-17"
                },
                {
                  "name": "RHSA-2019:2033",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2033"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-6952",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:17:17.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9637 (GCVE-0-2014-9637)

    Vulnerability from cvelistv5 – Published: 2017-08-25 18:00 – Updated: 2024-08-06 13:47
    VLAI
    Summary
    GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-01-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:47:41.811Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/?44051"
              },
              {
                "name": "[oss-security] 20150122 Re: CVE request: directory traversal flaw in patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/01/22/7"
              },
              {
                "name": "FEDORA-2015-1134",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2015-0068.html"
              },
              {
                "name": "72286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72286"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944"
              },
              {
                "name": "FEDORA-2015-1165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185262"
              },
              {
                "name": "USN-2651-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2651-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-25T17:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://savannah.gnu.org/bugs/?44051"
            },
            {
              "name": "[oss-security] 20150122 Re: CVE request: directory traversal flaw in patch",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/01/22/7"
            },
            {
              "name": "FEDORA-2015-1134",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2015-0068.html"
            },
            {
              "name": "72286",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72286"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944"
            },
            {
              "name": "FEDORA-2015-1165",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185262"
            },
            {
              "name": "USN-2651-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2651-1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-9637",
        "datePublished": "2017-08-25T18:00:00.000Z",
        "dateReserved": "2015-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:47:41.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1395 (GCVE-0-2015-1395)

    Vulnerability from cvelistv5 – Published: 2017-08-25 18:00 – Updated: 2024-08-06 04:40
    VLAI
    Summary
    Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-01-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:40:18.688Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
              },
              {
                "name": "72846",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72846"
              },
              {
                "name": "FEDORA-2015-1134",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://savannah.gnu.org/bugs/?44059"
              },
              {
                "name": "[oss-security] 20150127 Re: CVE Request: patch: directory traversal via file rename",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
              },
              {
                "name": "FEDORA-2015-1165",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
              },
              {
                "name": "USN-2651-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2651-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-25T17:57:02.000Z",
            "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            "shortName": "debian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
            },
            {
              "name": "72846",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72846"
            },
            {
              "name": "FEDORA-2015-1134",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://savannah.gnu.org/bugs/?44059"
            },
            {
              "name": "[oss-security] 20150127 Re: CVE Request: patch: directory traversal via file rename",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
            },
            {
              "name": "FEDORA-2015-1165",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
            },
            {
              "name": "USN-2651-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2651-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@debian.org",
              "ID": "CVE-2015-1395",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873"
                },
                {
                  "name": "72846",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72846"
                },
                {
                  "name": "FEDORA-2015-1134",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html"
                },
                {
                  "name": "https://savannah.gnu.org/bugs/?44059",
                  "refsource": "CONFIRM",
                  "url": "https://savannah.gnu.org/bugs/?44059"
                },
                {
                  "name": "[oss-security] 20150127 Re: CVE Request: patch: directory traversal via file rename",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/01/27/28"
                },
                {
                  "name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd",
                  "refsource": "CONFIRM",
                  "url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704ba04e0371d2cbd"
                },
                {
                  "name": "FEDORA-2015-1165",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html"
                },
                {
                  "name": "USN-2651-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2651-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184490"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "assignerShortName": "debian",
        "cveId": "CVE-2015-1395",
        "datePublished": "2017-08-25T18:00:00.000Z",
        "dateReserved": "2015-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:40:18.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-1196 (GCVE-0-2015-1196)

    Vulnerability from cvelistv5 – Published: 2015-01-21 18:00 – Updated: 2024-08-06 04:33
    VLAI
    Summary
    GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-01-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:33:20.718Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
              },
              {
                "name": "72074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72074"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
              },
              {
                "name": "[oss-security] 20150118  Re: CVE request: directory traversal flaw in patch",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2015/q1/173"
              },
              {
                "name": "openSUSE-SU-2015:0199",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
              },
              {
                "name": "gnupatch-unspecified-symlink(99967)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
            },
            {
              "name": "72074",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72074"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
            },
            {
              "name": "[oss-security] 20150118  Re: CVE request: directory traversal flaw in patch",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2015/q1/173"
            },
            {
              "name": "openSUSE-SU-2015:0199",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
            },
            {
              "name": "gnupatch-unspecified-symlink(99967)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-1196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3",
                  "refsource": "CONFIRM",
                  "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182154"
                },
                {
                  "name": "72074",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72074"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227"
                },
                {
                  "name": "[oss-security] 20150118  Re: CVE request: directory traversal flaw in patch",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2015/q1/173"
                },
                {
                  "name": "openSUSE-SU-2015:0199",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html"
                },
                {
                  "name": "gnupatch-unspecified-symlink(99967)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99967"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-1196",
        "datePublished": "2015-01-21T18:00:00.000Z",
        "dateReserved": "2015-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:33:20.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }