Vulnerabilities > Mercurial > Mercurial > 4.6.0

DATE CVE VULNERABILITY TITLE RISK
2019-04-22 CVE-2019-3902 Link Following vulnerability in multiple products
A flaw was found in Mercurial before 4.9.
5.8
2018-10-04 CVE-2018-17983 Out-of-bounds Read vulnerability in Mercurial
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
network
low complexity
mercurial CWE-125
6.4
2018-07-06 CVE-2018-13348 Improper Input Validation vulnerability in Mercurial
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
network
low complexity
mercurial CWE-20
5.0
2018-07-06 CVE-2018-13347 Integer Overflow or Wraparound vulnerability in Mercurial
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
network
low complexity
mercurial CWE-190
7.5
2018-07-06 CVE-2018-13346 Improper Input Validation vulnerability in Mercurial
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
network
low complexity
mercurial CWE-20
5.0