Shodan
Vulnerabilities
Vulnerable Software
Gnu:  >> Patch  >> 2.6  Security Vulnerabilities
CVE-2019-20633
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-03-25
CVE-2015-1396
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
CVSS Score
7.5
EPSS Score
0.037
Published
2019-11-25
CVE-2018-20969
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
CVSS Score
7.8
EPSS Score
0.008
Published
2019-08-16
CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
CVSS Score
5.9
EPSS Score
0.044
Published
2019-07-17
CVE-2016-10713
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-02-13
CVE-2018-6951
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
CVSS Score
7.5
EPSS Score
0.231
Published
2018-02-13
CVE-2018-6952
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
CVSS Score
7.5
EPSS Score
0.114
Published
2018-02-13
CVE-2014-9637
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-08-25
CVE-2015-1395
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
CVSS Score
7.5
EPSS Score
0.034
Published
2017-08-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved