Skip to main content

GNU patch EUVDEUVD-2026-42556

| CVE-2026-56288 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-07-09 CERT-PL GHSA-m3j2-9m66-r96h
4.6
CVSS 4.0 · Vendor: CERT-PL
Share

Severity by source

Vendor (CERT-PL) PRIMARY
4.6 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.3 LOW

Local attack requiring active user invocation of patch against a malicious file (UI:R); no privileges needed; impact is solely a process crash with no confidentiality or integrity exposure (A:L only).

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (CERT-PL).

CVSS VectorVendor: CERT-PL

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 12:09 vuln.today

DescriptionCVE.org

GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.

This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313

AnalysisAI

GNU patch crashes with a NULL pointer dereference when a user applies a specially crafted unified-diff file, resulting in denial of service. Improper handling of consecutive end-of-file newline markers corrupts internal hunk data structures, causing a NULL pointer to be passed to fwrite() during processing. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft unified-diff with malformed EOF newline markers
Delivery
Deliver malicious file to target user or pipeline
Exploit
User invokes GNU patch against crafted file
Execution
Consecutive EOF markers corrupt hunk data structures
Persist
NULL pointer passed to fwrite()
Impact
patch process crashes (DoS)

Vulnerability AssessmentAI

Exploitation The victim must actively invoke the GNU patch utility and supply the crafted unified-diff file as input - confirmed by CVSS UI:A (active user interaction required). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 4.6 with vector AV:L/AC:L/AT:N/PR:N/UI:A/VA:L accurately reflects the constrained threat model: exploitation is local, requires user interaction, and yields only a limited availability impact (crash of the patch process, not system-wide disruption). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a unified-diff file containing specially structured consecutive end-of-file newline markers and delivers it to a developer or sysadmin - for example, as a malicious patch submission to an open-source project or via a compromised repository. When the victim runs the patch command against this file, the corrupted hunk data structure causes a NULL pointer dereference in fwrite(), crashing the utility and potentially disrupting automated patch-application workflows.
Remediation The upstream fix is available as commit e6d6a4e021660679d7fc9150f981d4920f722313 in the GNU patch Savannah repository (https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=e6d6a4e021660679d7fc9150f981d4920f722313); a formal tagged release version has not been independently confirmed, so this is an upstream commit fix pending a versioned release. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Patch

View all
CVE-2021-45261 MEDIUM POC
5.5 Dec 22

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service

CVE-2015-1196 MEDIUM POC
4.3 Jan 21

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Rated medium s

CVE-2015-1395 HIGH
7.5 Aug 25

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote atta

CVE-2019-13638 HIGH
7.8 Jul 26

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch fil

CVE-2018-1000156 HIGH
7.8 Apr 06

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_

CVE-2018-6952 HIGH
7.5 Feb 13

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. Rated high severity (CVSS 7.5), t

CVE-2018-6951 HIGH
7.5 Feb 13

An issue was discovered in GNU patch through 2.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely explo

CVE-2025-15337 MEDIUM
6.5 Feb 05

Tanium addressed an incorrect default permissions vulnerability in Patch. [CVSS 6.5 MEDIUM]

CVE-2019-13636 MEDIUM
5.9 Jul 17

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. Rated mediu

CVE-2014-9637 MEDIUM
5.5 Aug 25

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fa

CVE-2026-56289 MEDIUM
4.6 Jul 09

GNU patch enters an infinite CPU-consuming loop when processing a specially crafted unified-diff file containing an exce

CVE-2025-15326 MEDIUM
4.3 Feb 05

Tanium addressed an improper access controls vulnerability in Patch. [CVSS 4.3 MEDIUM]

Share

EUVD-2026-42556 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy