PT-2018-3868 · Gnu+4 · Gnu Patch+4

Hanno

Published

2018-02-12

Updated

2025-08-12

CVE-2018-6951

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GNU patch versions prior to 2.7.7

Description The issue is related to a segmentation fault and a NULL pointer dereference in the intuit diff type() function in pch.c, which can lead to a denial of service. This is also referred to as a "mangled rename" issue. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For GNU patch versions prior to 2.7.7, update to version 2.7.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the intuit diff type() function in pch.c to minimize the risk of exploitation.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2018-1872

AZL-35103

AZL-6787

BDU:2023-01652

CVE-2018-6951

ECHO-A04B-93A1-35BC

MGASA-2018-0277

MGASA-2018-0448

OPENSUSE-SU-2018_1137-1

OPENSUSE-SU-2024:11151-1

ROSA-SA-2024-2468

ROSA-SA-2024-2469

SUSE-SU-2018:1128-1

USN-3624-1

Affected Products

Alt Linux

Debian

Gnu Patch

Suse

Ubuntu

PT-2018-3868 · Gnu+4 · Gnu Patch+4

CVE-2018-6951

Weakness Enumeration

Related Identifiers

Affected Products

References · 40