Patch
CVE-2018-1000156
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
AnalysisAI
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. Affected products include: Gnu Patch, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server. Version information: version 2.7.6.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Rated medium s
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote atta
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch fil
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. Rated high severity (CVSS 7.5), t
An issue was discovered in GNU patch through 2.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely explo
Tanium addressed an incorrect default permissions vulnerability in Patch. [CVSS 6.5 MEDIUM]
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. Rated mediu
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fa
GNU patch enters an infinite CPU-consuming loop when processing a specially crafted unified-diff file containing an exce
GNU patch crashes with a NULL pointer dereference when a user applies a specially crafted unified-diff file, resulting i
Tanium addressed an improper access controls vulnerability in Patch. [CVSS 4.3 MEDIUM]
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today