exploitDog


CVE-2018-1000156

Published: 05 Apr 2018
Source: redhat
CVSS3: 7.8
EPSS: Medium

Description

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files; specifically, the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | patch | Will not fix | | |
| Red Hat Enterprise Linux 8 | patch | Not affected | | |
| Red Hat Enterprise Linux 6 | patch | Fixed | RHSA-2018:1199 | 23.04.2018 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | patch | Fixed | RHSA-2018:2097 | 27.06.2018 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | patch | Fixed | RHSA-2018:2096 | 27.06.2018 |
| Red Hat Enterprise Linux 6.6 Advanced Update Support | patch | Fixed | RHSA-2018:2095 | 27.06.2018 |
| Red Hat Enterprise Linux 6.6 Telco Extended Update Support | patch | Fixed | RHSA-2018:2095 | 27.06.2018 |
| Red Hat Enterprise Linux 6.7 Extended Update Support | patch | Fixed | RHSA-2018:2094 | 27.06.2018 |
| Red Hat Enterprise Linux 7 | patch | Fixed | RHSA-2018:1200 | 23.04.2018 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | patch | Fixed | RHSA-2018:2093 | 27.06.2018 |


Additional information

Status: Important
Defect: CWE-77
https://bugzilla.redhat.com/show_bug.cgi?id=1564326 patch: Malicious patch files cause ed to execute arbitrary commands

EPSS

Percentile: 97%
0.42803
Medium

7.8 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 7 years ago

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files; specifically, the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.

CVSS3: 7.8
nvd
more than 7 years ago

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files; specifically, the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.

CVSS3: 7.8
msrc
almost 5 years ago

No description available

CVSS3: 7.8
debian
more than 7 years ago

GNU Patch version 2.7.6 contains an input validation vulnerability whe ...

CVSS3: 7.8
github
about 3 years ago

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files; specifically, the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.
