rpm package
suse/mercurial&distro=SUSE Linux Enterprise Module for Development Tools 15
pkg:rpm/suse/mercurial&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17983 | Cri | 9.1 | < 4.5.2-3.6.1 | 4.5.2-3.6.1 | Oct 4, 2018 | cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. | |
| CVE-2018-13348 | Hig | 7.5 | < 4.5.2-3.3.1 | 4.5.2-3.3.1 | Jul 6, 2018 | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. | |
| CVE-2018-13347 | Cri | 9.8 | < 4.5.2-3.3.1 | 4.5.2-3.3.1 | Jul 6, 2018 | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | |
| CVE-2018-13346 | Hig | 7.5 | < 4.5.2-3.3.1 | 4.5.2-3.3.1 | Jul 6, 2018 | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. |
- affected < 4.5.2-3.6.1fixed 4.5.2-3.6.1
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
- affected < 4.5.2-3.3.1fixed 4.5.2-3.3.1
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
- affected < 4.5.2-3.3.1fixed 4.5.2-3.3.1
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
- affected < 4.5.2-3.3.1fixed 4.5.2-3.3.1
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.