PT-2018-3608 · Mercurial+4 · Mercurial+4

Published

2018-07-05

Updated

2022-05-13

CVE-2018-13347

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mercurial versions prior to 4.6.1

Description The issue is related to an integer overflow in the mpatch.c component of the Mercurial version control system. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability is due to the mishandling of integer addition and subtraction.

Recommendations For versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the mpatch.c component until a patch is applied.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2018-2508

BDU:2021-01285

CESA-2019_2276

CVE-2018-13347

DLA-1414-1

DLA-2293-1

GHSA-3MJJ-MR4F-QXMX

MGASA-2018-0355

OPENSUSE-SU-2018_2023-1

OPENSUSE-SU-2018_2132-1

PYSEC-2018-89

RHSA-2019:2276

RHSA-2019_2276

SUSE-SU-2018:1990-1

SUSE-SU-2018:1996-1

SUSE-SU-2018:1998-1

Affected Products

Alt Linux

Centos

Mercurial

Red Hat

Suse

PT-2018-3608 · Mercurial+4 · Mercurial+4

CVE-2018-13347

Weakness Enumeration

Related Identifiers

Affected Products

References · 36