Mercurial: >> Mercurial >> 4.5.3 Security Vulnerabilities
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
CVSS Score
5.1
EPSS Score
0.004
Published
2019-04-22
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
CVSS Score
9.1
EPSS Score
0.004
Published
2018-10-04
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-07-06
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-07-06
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-07-06