GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-08-25
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
CVSS Score
7.5
EPSS Score
0.015
Published
2017-08-25
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVSS Score
4.3
EPSS Score
0.009
Published
2015-01-21
Page 2