Gnu patch

This hub aggregates every CVE we track for Gnu patch, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 6 most recently published vulnerabilities affecting Gnu patch.

• CVE-2019-13638GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed ed...7.8Jul 26, 2019
• CVE-2019-13636In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.5.9Jul 17, 2019
• CVE-2018-1000156GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appea...7.8Apr 6, 2018
• CVE-2014-9637GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.5.5Aug 25, 2017
• CVE-2015-1395Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via...7.5Aug 25, 2017
• CVE-2010-4651Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (d...5.8Mar 11, 2011