Vulnerabilities > CVE-2018-13347 - Integer Overflow or Wraparound vulnerability in Mercurial
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0216_MERCURIAL.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mercurial packages installed that are affected by multiple vulnerabilities: - Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. (CVE-2018-1000132) - The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. (CVE-2018-13346) - mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. (CVE-2018-13347) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131410 published 2019-12-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131410 title NewStart CGSL CORE 5.04 / MAIN 5.04 : mercurial Multiple Vulnerabilities (NS-SA-2019-0216) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-541.NASL description This update for mercurial fixes the following issues : Security issues fixed : - CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355). - CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123230 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123230 title openSUSE Security Update : mercurial (openSUSE-2019-541) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1998-1.NASL description This update for mercurial fixes the following issues: Security issues fixed : - CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355). - CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-21 modified 2019-01-02 plugin id 120055 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120055 title SUSE SLED15 / SLES15 Security Update : mercurial (SUSE-SU-2018:1998-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2214.NASL description According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.(CVE-2018-13346) - mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.(CVE-2018-13347) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130676 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130676 title EulerOS 2.0 SP5 : mercurial (EulerOS-SA-2019-2214) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2276.NASL description An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix(es) : * mercurial: Buffer underflow in mpatch.c:mpatch_apply() (CVE-2018-13347) * mercurial: HTTP server permissions bypass (CVE-2018-1000132) * mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply() (CVE-2018-13346) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127702 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127702 title RHEL 7 : mercurial (RHSA-2019:2276) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2273.NASL description According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.(CVE-2018-13346) - mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.(CVE-2018-13347) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130735 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130735 title EulerOS 2.0 SP3 : mercurial (EulerOS-SA-2019-2273) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0234_MERCURIAL.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has mercurial packages installed that are affected by multiple vulnerabilities: - Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. (CVE-2018-1000132) - The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. (CVE-2018-13346) - mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. (CVE-2018-13347) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132497 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132497 title NewStart CGSL CORE 5.05 / MAIN 5.05 : mercurial Multiple Vulnerabilities (NS-SA-2019-0234) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-734.NASL description This update for mercurial fixes the following issues : Security issues fixed : - CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (boo#1100353). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (boo#1100355). - CVE-2018-13346: Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (boo#1100354). last seen 2020-06-05 modified 2018-07-20 plugin id 111192 published 2018-07-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111192 title openSUSE Security Update : mercurial (openSUSE-2018-734) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-772.NASL description This update for mercurial fixes the following issues : Security issues fixed : - CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354). - CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355). - CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-07-30 plugin id 111424 published 2018-07-30 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111424 title openSUSE Security Update : mercurial (openSUSE-2018-772) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2276.NASL description An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix(es) : * mercurial: Buffer underflow in mpatch.c:mpatch_apply() (CVE-2018-13347) * mercurial: HTTP server permissions bypass (CVE-2018-1000132) * mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply() (CVE-2018-13346) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 128380 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128380 title CentOS 7 : mercurial (CESA-2019:2276) NASL family Scientific Linux Local Security Checks NASL id SL_20190806_MERCURIAL_ON_SL7_X.NASL description Security Fix(es) : - mercurial: Buffer underflow in mpatch.c:mpatch_apply() (CVE-2018-13347) - mercurial: HTTP server permissions bypass (CVE-2018-1000132) - mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply() (CVE-2018-13346) last seen 2020-03-18 modified 2019-08-27 plugin id 128241 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128241 title Scientific Linux Security Update : mercurial on SL7.x x86_64 (20190806)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- https://access.redhat.com/errata/RHSA-2019:2276
- https://access.redhat.com/errata/RHSA-2019:2276
- https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
- https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
- https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
- https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
- https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
- https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
- https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29