Patch
by GNU
CVEs (17)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000156 | Hig | 0.51 | 7.8 | 0.06 | Apr 6, 2018 | GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is… | ||
| CVE-2018-6952 | Hig | 0.49 | 7.5 | 0.08 | Feb 13, 2018 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | ||
| CVE-2018-6951 | Hig | 0.49 | 7.5 | 0.09 | Feb 13, 2018 | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. | ||
| CVE-2015-1418 | Hig | 0.44 | 7.8 | 0.04 | Feb 5, 2018 | The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch… | ||
| CVE-2015-1416 | Hig | 0.44 | 7.8 | 0.04 | Feb 5, 2018 | Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file. | ||
| CVE-2015-1395 | Hig | 0.43 | 7.5 | 0.11 | Aug 25, 2017 | Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. | ||
| CVE-2016-10713 | Med | 0.36 | 5.5 | 0.02 | Feb 13, 2018 | An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. | ||
| CVE-2014-9637 | Med | 0.29 | 5.5 | 0.02 | Aug 25, 2017 | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | ||
| CVE-2025-15337 | 0.00 | — | 0.00 | Feb 5, 2026 | Tanium addressed an incorrect default permissions vulnerability in Patch. | |||
| CVE-2021-45261 | 0.00 | — | 0.01 | Dec 22, 2021 | An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. | |||
| CVE-2019-20633 | 0.00 | — | 0.01 | Mar 25, 2020 | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. | |||
| CVE-2015-1396 | 0.00 | — | 0.03 | Nov 25, 2019 | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | |||
| CVE-2018-20969 | 0.00 | — | 0.03 | Aug 16, 2019 | do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. | |||
| CVE-2019-13638 | 0.00 | — | 0.05 | Jul 26, 2019 | GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from… | |||
| CVE-2019-13636 | 0.00 | — | 0.04 | Jul 17, 2019 | In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. | |||
| CVE-2015-1196 | 0.00 | — | 0.06 | Jan 21, 2015 | GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | |||
| CVE-2010-4651 | 0.00 | — | 0.05 | Mar 11, 2011 | Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679. |
- risk 0.51cvss 7.8epss 0.06
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is…
- risk 0.49cvss 7.5epss 0.08
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
- risk 0.49cvss 7.5epss 0.09
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
- risk 0.44cvss 7.8epss 0.04
The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch…
- risk 0.44cvss 7.8epss 0.04
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.
- risk 0.43cvss 7.5epss 0.11
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
- risk 0.36cvss 5.5epss 0.02
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
- risk 0.29cvss 5.5epss 0.02
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
- CVE-2025-15337Feb 5, 2026risk 0.00cvss —epss 0.00
Tanium addressed an incorrect default permissions vulnerability in Patch.
- CVE-2021-45261Dec 22, 2021risk 0.00cvss —epss 0.01
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
- CVE-2019-20633Mar 25, 2020risk 0.00cvss —epss 0.01
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
- CVE-2015-1396Nov 25, 2019risk 0.00cvss —epss 0.03
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
- CVE-2018-20969Aug 16, 2019risk 0.00cvss —epss 0.03
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
- CVE-2019-13638Jul 26, 2019risk 0.00cvss —epss 0.05
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from…
- CVE-2019-13636Jul 17, 2019risk 0.00cvss —epss 0.04
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
- CVE-2015-1196Jan 21, 2015risk 0.00cvss —epss 0.06
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
- CVE-2010-4651Mar 11, 2011risk 0.00cvss —epss 0.05
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.