Vulnerabilities > GNU > Patch > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-22 | CVE-2021-45261 | Release of Invalid Pointer or Reference vulnerability in GNU Patch 2.7 An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. | 4.3 |
| 2020-03-25 | CVE-2019-20633 | Double Free vulnerability in GNU Patch GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. | 4.3 |
| 2019-11-25 | CVE-2015-1396 | Path Traversal vulnerability in multiple products A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. | 6.4 |
| 2019-07-17 | CVE-2019-13636 | Link Following vulnerability in GNU Patch In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. | 5.9 |
| 2018-04-06 | CVE-2018-1000156 | Improper Input Validation vulnerability in multiple products GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. | 6.8 |
| 2018-02-13 | CVE-2018-6952 | Double Free vulnerability in GNU Patch A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | 5.0 |
| 2018-02-13 | CVE-2018-6951 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GNU patch through 2.7.6. | 5.0 |
| 2018-02-13 | CVE-2016-10713 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Patch An issue was discovered in GNU patch before 2.7.6. | 4.3 |
| 2015-01-21 | CVE-2015-1196 | Link Following vulnerability in multiple products GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | 4.3 |