Description
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
A flaw was found in GNU patch through version 2.7.6. Strings beginning with an exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
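A defensive pre-check for the behaviour described above, added here as an example (not code from GNU patch or Red Hat): it walks an ed-style patch script and reports lines beginning with `!` that sit in command mode rather than inside `a`/`i`/`c` text input. The function name, the numeric-address assumption and the sample scripts are constructed for illustration.

```python
import re

# Assumption: ed-style diffs address lines numerically ("3a", "2,5c", "7i").
# These three commands switch ed into text-input mode until a lone "." line.
INPUT_CMD = re.compile(r'^\s*\d*(?:,\d+)?\s*[aic]\s*$')


def find_bang_commands(script: str):
    """Return (line_number, line) for each command-mode line starting with '!'.

    Lines inside a/i/c text input are file content, so a leading '!' there
    is not a command and is not reported.
    """
    hits = []
    in_text = False
    for number, line in enumerate(script.splitlines(), 1):
        if in_text:
            if line == '.':          # a lone dot ends text input
                in_text = False
            continue
        # Conservative choice: ignore leading blanks before the '!'.
        if line.lstrip().startswith('!'):
            hits.append((number, line))
        elif INPUT_CMD.match(line):
            in_text = True
    return hits


# Constructed sample: '!' appears only as replacement text, so nothing is flagged.
SAMPLE_TEXT_ONLY = "3c\n!important: keep this line\n.\n1d\n"

# Constructed sample: line 4 starts with '!' in command mode and is flagged.
SAMPLE_COMMAND_MODE = "1a\nhello\n.\n!echo constructed-sample\nw\nq\n"

if __name__ == "__main__":
    for name, sample in (("text-only", SAMPLE_TEXT_ONLY),
                         ("command-mode", SAMPLE_COMMAND_MODE)):
        findings = find_bang_commands(sample)
        verdict = "REJECT" if findings else "ok"
        print(f"{name}: {verdict} {findings}")
```

A check like this belongs in front of any pipeline that applies untrusted patches with an unfixed patch binary; installing the fixed packages listed in the table below remains the actual remedy.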
Affected packages
Platform | Package | Status | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | patch | Out of support scope | | |
Red Hat Enterprise Linux 6 | patch | Not affected | | |
Red Hat Enterprise Linux 7 | patch | Fixed | RHSA-2019:2964 | 03.10.2019 |
Red Hat Enterprise Linux 7.4 Advanced Update Support | patch | Fixed | RHSA-2019:4061 | 03.12.2019 |
Red Hat Enterprise Linux 7.4 Telco Extended Update Support | patch | Fixed | RHSA-2019:4061 | 03.12.2019 |
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions | patch | Fixed | RHSA-2019:4061 | 03.12.2019 |
Red Hat Enterprise Linux 7.5 Extended Update Support | patch | Fixed | RHSA-2019:3757 | 06.11.2019 |
Red Hat Enterprise Linux 7.6 Extended Update Support | patch | Fixed | RHSA-2019:3758 | 06.11.2019 |
Red Hat Enterprise Linux 8 | patch | Fixed | RHSA-2019:2798 | 19.09.2019 |
Additional information
CVSS3: 7.8 High