PT-2018-3610 · Mercurial+2 · Mercurial+2

Augie Fackler

Publicado

2018-07-05

Atualizado

2024-06-15

CVE-2018-13348

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Mercurial versions prior to 4.6.1

Description The issue is related to the mpatch decode function in Mercurial, which mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not. This can be exploited by a remote attacker to impact data integrity.

Recommendations For Mercurial versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mpatch decode function until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2018-2508

BDU:2021-01310

CVE-2018-13348

DLA-1414-1

DLA-2293-1

GHSA-3V62-WW8W-758M

MGASA-2018-0355

OPENSUSE-SU-2018_2023-1

OPENSUSE-SU-2018_2132-1

OPENSUSE-SU-2024:10586-1

PYSEC-2018-90

SUSE-SU-2018:1990-1

SUSE-SU-2018:1996-1

SUSE-SU-2018:1998-1

Produtos afetados

Alt Linux

Mercurial

Suse

PT-2018-3610 · Mercurial+2 · Mercurial+2

CVE-2018-13348

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 42