Sign in Get started

← All advisories

Unrated severityNVD Advisory· Published Jan 21, 2015· Updated May 6, 2026

CVE-2015-1196

CVE-2015-1196

Description

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

Affected products

4

OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Oracle Corporation/Solaris
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
GNU/Patch
cpe:2.3:a:gnu:patch:2.7.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

git.savannah.gnu.org/cgit/patch.git/commit/nvdPatch
bugs.debian.org/cgi-bin/bugreport.cginvdExploit
lists.opensuse.org/opensuse-updates/2015-02/msg00013.htmlnvdThird Party Advisory
seclists.org/oss-sec/2015/q1/173nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlnvdThird Party Advisory
www.securityfocus.com/bid/72074nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/99967nvd

News mentions

0

No linked articles in our index yet.