PT-2014-1974 · Gnu+3 · Gnu Patch+3

Gcs

Published

2014-12-31

Updated

2018-05-07

CVE-2014-9637

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GNU patch versions 2.7.2 and earlier

Description The issue is related to errors in resource management, specifically memory consumption, which can lead to a denial of service. This can be triggered by a remote attacker using a crafted diff file, resulting in a segmentation fault. The estimated number of potentially affected devices is not specified.

Recommendations For GNU patch versions 2.7.2 and earlier, update to a version later than 2.7.2 to resolve the issue. As a temporary workaround, consider restricting the use of crafted diff files to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2015-1846

BDU:2017-02048

CVE-2014-9637

MGASA-2015-0068

SUSE-SU-2018:1162-1

USN-2651-1

Affected Products

Alt Linux

Gnu Patch

Suse

Ubuntu

PT-2014-1974 · Gnu+3 · Gnu Patch+3

CVE-2014-9637

Weakness Enumeration

Related Identifiers

Affected Products

References · 48