GNU Patch vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-12-22 | CVE-2021-45261 | Release of Invalid Pointer or Reference vulnerability in GNU Patch 2.7 | An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. | local | low complexity | gnu | CWE-763 | 5.5 |
| 2020-03-25 | CVE-2019-20633 | Double Free vulnerability in GNU Patch 2.5/2.5.4/2.7.1 | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. | local | low complexity | gnu | CWE-415 | 5.5 |
| 2019-11-25 | CVE-2015-1396 | Path Traversal vulnerability in multiple products | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. | network | low complexity | gnu debian | CWE-22 | 7.5 |
| 2019-08-16 | CVE-2018-20969 | OS Command Injection vulnerability in GNU Patch 2.5/2.5.4/2.7.1 | do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. | local | low complexity | gnu | CWE-78 | 7.8 |
| 2019-07-26 | CVE-2019-13638 | OS Command Injection vulnerability in multiple products | GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. | local | low complexity | gnu debian | CWE-78 | 7.8 |
| 2019-07-17 | CVE-2019-13636 | Link Following vulnerability in GNU Patch 2.5/2.5.4/2.7.1 | In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. | network | high complexity | gnu | CWE-59 | 5.9 |
| 2018-04-06 | CVE-2018-1000156 | Improper Input Validation vulnerability in multiple products | GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. | local | low complexity | gnu canonical debian redhat | CWE-20 | 7.8 |
| 2018-02-13 | CVE-2018-6952 | Double Free vulnerability in GNU Patch 2.5/2.5.4/2.7.1 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | network | low complexity | gnu | CWE-415 | 7.5 |
| 2018-02-13 | CVE-2018-6951 | NULL Pointer Dereference vulnerability in multiple products | An issue was discovered in GNU patch through 2.7.6. | network | low complexity | gnu canonical | CWE-476 | 7.5 |
| 2018-02-13 | CVE-2016-10713 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Patch 2.5/2.5.4/2.7.1 | An issue was discovered in GNU patch before 2.7.6. | local | low complexity | gnu | CWE-119 | 5.5 |