Every CVE whose affected-product data names Gnu Patch, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2018-20969 — CVSS 7.8 (high): do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for…
CVE-2019-13638 — CVSS 7.8 (high): GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an…
CVE-2018-1000156 — CVSS 7.8 (high): GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation…
CVE-2018-6951 — CVSS 7.5 (high): An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a…
CVE-2015-1395 — CVSS 7.5 (high): Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to…
CVE-2015-1396 — CVSS 7.5 (high): A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink…
CVE-2019-13636 — CVSS 5.9 (medium): In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
CVE-2021-45261 — CVSS 5.5 (medium): An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
CVE-2016-10713 — CVSS 5.5 (medium): An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a…
CVE-2014-9637 — CVSS 5.5 (medium): GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted…
CVE-2019-20633 — CVSS 5.5 (medium): GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a…
CVE-2015-1196 — CVSS 4.3 (medium): GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.