PT-2018-3868 · Gnu+4 · Gnu Patch+4

Hanno

Publicado

2018-02-12

Atualizado

2025-08-12

CVE-2018-6951

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GNU patch versions prior to 2.7.7

Description The issue is related to a segmentation fault and a NULL pointer dereference in the intuit diff type() function in pch.c, which can lead to a denial of service. This is also referred to as a "mangled rename" issue. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For GNU patch versions prior to 2.7.7, update to version 2.7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the intuit diff type() function in pch.c to minimize the risk of exploitation.

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2018-1872

AZL-35103

AZL-6787

BDU:2023-01652

CVE-2018-6951

ECHO-A04B-93A1-35BC

MGASA-2018-0277

MGASA-2018-0448

OPENSUSE-SU-2018_1137-1

OPENSUSE-SU-2024:11151-1

ROSA-SA-2024-2468

ROSA-SA-2024-2469

SUSE-SU-2018:1128-1

USN-3624-1

Produtos afetados

Alt Linux

Debian

Gnu Patch

Suse

Ubuntu

PT-2018-3868 · Gnu+4 · Gnu Patch+4

CVE-2018-6951

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40