PT-2018-3611 · Mercurial+4 · Mercurial+4

Published

2018-07-05

Updated

2024-06-15

CVE-2018-13346

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Mercurial versions prior to 4.6.1

Description The issue is related to the mpatch apply function in mpatch.c, which incorrectly proceeds when the fragment start is past the end of the original data. This is due to a lack of input validation. Exploitation of this issue may allow a remote attacker to impact data integrity.

Recommendations For Mercurial versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mpatch apply function until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2018-2508

BDU:2021-01311

CESA-2019_2276

CVE-2018-13346

DLA-1414-1

DLA-2293-1

GHSA-9XV4-R2HF-26GH

MGASA-2018-0355

OPENSUSE-SU-2018_2023-1

OPENSUSE-SU-2018_2132-1

OPENSUSE-SU-2024:10586-1

PYSEC-2018-88

RHSA-2019:2276

RHSA-2019_2276

SUSE-SU-2018:1990-1

SUSE-SU-2018:1996-1

SUSE-SU-2018:1998-1

SUSE-SU-2018_1990-1

SUSE-SU-2018_1996-1

SUSE-SU-2018_1998-1

Affected Products

Alt Linux

Centos

Mercurial

Red Hat

Suse

PT-2018-3611 · Mercurial+4 · Mercurial+4

CVE-2018-13346

Weakness Enumeration

Related Identifiers

Affected Products

References · 43