PT-2026-56775 · Gnu · Patch

Marcin Wyczechowski

+1

·

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-56288

CVSS v4.0

4.6

Medium

VectorAV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service.
This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56288

Affected Products

Patch