High severity7.5NVD Advisory· Published Jul 6, 2018· Updated Jun 17, 2026
CVE-2018-13348
CVE-2018-13348
Description
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mercurialPyPI | < 4.6.1 | 4.6.1 |
Affected products
5- ghsa-coords5 versionspkg:pypi/mercurialpkg:rpm/opensuse/mercurial&distro=openSUSE%20Tumbleweedpkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 4.6.1+ 4 more
- (no CPE)range: < 4.6.1
- (no CPE)range: < 5.9.1-2.1
- (no CPE)range: < 4.5.2-3.3.1
- (no CPE)range: < 2.3.2-0.18.9.1
- (no CPE)range: < 2.8.2-15.13.1
Patches
Vulnerability mechanics
References
6- www.mercurial-scm.org/repo/hg/rev/90a274965de7nvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-3v62-ww8w-758mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-13348ghsaADVISORY
- www.mercurial-scm.org/wiki/WhatsNewnvdVendor AdvisoryWEB
- github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-90.yamlghsaWEB
- lists.debian.org/debian-lts-announce/2020/07/msg00032.htmlnvdWEB
News mentions
0No linked articles in our index yet.