CVE-2018-1000156

Published: 06 Apr 2018
Source: ubuntu
Priority: medium
EPSS: Medium
CVSS2: 6.8
CVSS3: 7.8

Description

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

| Release | Status | Note |
|---|---|---|
| artful | released | 2.7.5-1ubuntu0.2 |
| devel | released | 2.7.6-2ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 2.7.1-4ubuntu2.4 |
| esm-infra/xenial | not-affected | 2.7.5-1ubuntu0.16.04.1 |
| precise/esm | not-affected | 2.6.1-3ubuntu0.2 |
| trusty | released | 2.7.1-4ubuntu2.4 |
| trusty/esm | not-affected | 2.7.1-4ubuntu2.4 |
| upstream | needs-triage | |
| xenial | released | 2.7.5-1ubuntu0.16.04.1 |

EPSS: 0.42803 (percentile: 97%, Medium)

CVSS2: 6.8 Medium

CVSS3: 7.8 High

Related vulnerabilities

CVSS3: 7.8
redhat
more than 7 years ago

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

CVSS3: 7.8
nvd
more than 7 years ago

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

CVSS3: 7.8
msrc
almost 5 years ago

No description available

CVSS3: 7.8
debian
more than 7 years ago

GNU Patch version 2.7.6 contains an input validation vulnerability whe ...

CVSS3: 7.8
github
about 3 years ago

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
