Vulnerabilities > GNU > Patch > 2.7.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-25 | CVE-2019-20633 | Double Free vulnerability in GNU Patch GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. | 5.5 |
| 2019-08-16 | CVE-2018-20969 | OS Command Injection vulnerability in GNU Patch do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. | 7.8 |
| 2019-07-26 | CVE-2019-13638 | OS Command Injection vulnerability in multiple products GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. | 7.8 |
| 2019-07-17 | CVE-2019-13636 | Link Following vulnerability in GNU Patch In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. | 5.9 |
| 2018-04-06 | CVE-2018-1000156 | Improper Input Validation vulnerability in multiple products GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. | 7.8 |
| 2018-02-13 | CVE-2018-6952 | Double Free vulnerability in GNU Patch A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | 7.5 |
| 2018-02-13 | CVE-2018-6951 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GNU patch through 2.7.6. | 7.5 |
| 2018-02-13 | CVE-2016-10713 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Patch An issue was discovered in GNU patch before 2.7.6. | 5.5 |