2.7.1

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

gnu

CWE-415

NVD

Published: 2020-03-25

Updated: 2020-11-05

Summary

GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Patch 2.5 GNU Patch 2.5.4 GNU Patch 2.7.1	3

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://savannah.gnu.org/bugs/index.php?56683