Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local attack requiring active user invocation of patch against a malicious file (UI:R); no privileges needed; impact is solely a process crash with no confidentiality or integrity exposure (A:L only).
Primary rating from Vendor (CERT-PL).
CVSS VectorVendor: CERT-PL
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.
This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313
AnalysisAI
GNU patch crashes with a NULL pointer dereference when a user applies a specially crafted unified-diff file, resulting in denial of service. Improper handling of consecutive end-of-file newline markers corrupts internal hunk data structures, causing a NULL pointer to be passed to fwrite() during processing. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The victim must actively invoke the GNU patch utility and supply the crafted unified-diff file as input - confirmed by CVSS UI:A (active user interaction required). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 4.6 with vector AV:L/AC:L/AT:N/PR:N/UI:A/VA:L accurately reflects the constrained threat model: exploitation is local, requires user interaction, and yields only a limited availability impact (crash of the patch process, not system-wide disruption). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a unified-diff file containing specially structured consecutive end-of-file newline markers and delivers it to a developer or sysadmin - for example, as a malicious patch submission to an open-source project or via a compromised repository. When the victim runs the patch command against this file, the corrupted hunk data structure causes a NULL pointer dereference in fwrite(), crashing the utility and potentially disrupting automated patch-application workflows. |
| Remediation | The upstream fix is available as commit e6d6a4e021660679d7fc9150f981d4920f722313 in the GNU patch Savannah repository (https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=e6d6a4e021660679d7fc9150f981d4920f722313); a formal tagged release version has not been independently confirmed, so this is an upstream commit fix pending a versioned release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Rated medium s
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote atta
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch fil
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. Rated high severity (CVSS 7.5), t
An issue was discovered in GNU patch through 2.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely explo
Tanium addressed an incorrect default permissions vulnerability in Patch. [CVSS 6.5 MEDIUM]
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. Rated mediu
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fa
GNU patch enters an infinite CPU-consuming loop when processing a specially crafted unified-diff file containing an exce
Tanium addressed an improper access controls vulnerability in Patch. [CVSS 4.3 MEDIUM]
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42556
GHSA-m3j2-9m66-r96h