PT-2018-3611 · Mercurial+4 · Mercurial+4

Publicado

2018-07-05

Atualizado

2024-06-15

CVE-2018-13346

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Mercurial versions prior to 4.6.1

Description The issue is related to the mpatch apply function in mpatch.c, which incorrectly proceeds when the fragment start is past the end of the original data. This is due to a lack of input validation. Exploitation of this issue may allow a remote attacker to impact data integrity.

Recommendations For Mercurial versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mpatch apply function until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2018-2508

BDU:2021-01311

CESA-2019_2276

CVE-2018-13346

DLA-1414-1

DLA-2293-1

GHSA-9XV4-R2HF-26GH

MGASA-2018-0355

OPENSUSE-SU-2018_2023-1

OPENSUSE-SU-2018_2132-1

OPENSUSE-SU-2024:10586-1

PYSEC-2018-88

RHSA-2019:2276

RHSA-2019_2276

SUSE-SU-2018:1990-1

SUSE-SU-2018:1996-1

SUSE-SU-2018:1998-1

SUSE-SU-2018_1990-1

SUSE-SU-2018_1996-1

SUSE-SU-2018_1998-1

Produtos afetados

Alt Linux

Centos

Mercurial

Red Hat

Suse

PT-2018-3611 · Mercurial+4 · Mercurial+4

CVE-2018-13346

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 43