CVE-2015-1395

Name of the Vulnerable Software and Affected Versions GNU Patch versions prior to 2.7.3

Description The issue is related to a directory traversal vulnerability in GNU Patch, which affects versions that support Git-style patching. This vulnerability can be exploited by a remote attacker to modify arbitrary files with the permissions of the target user. The exploitation is possible via a .. (dot dot) in a diff file name, allowing the attacker to traverse the directory and access files outside the intended directory.

Recommendations For GNU Patch versions prior to 2.7.3, update to version 2.7.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of Git-style patching in GNU Patch until a patch is available. Avoid using diff file names that contain the .. sequence in the affected GNU Patch versions.