CVE-2014-9637 — Patch vulnerability

CWE-39910 documents8 sources

Severity

5.5MEDIUMNVD

OSV5.8

EPSS

0.4%

top 41.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Patch Canonical Ubuntu Linux Fedoraproject Fedora +1 more

Timeline

PublishedAug 25

Latest updateMay 17

Description

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶Debiangnu/patch< 2.7.1-7+3

▶Ubuntugnu/patch< 2.7.1-4ubuntu2.3

▶NVDgnu/patch2.7.2

▶NVDmageia/mageia4.0

Also affects: Fedora 20, 21, Ubuntu Linux 12.04, 14.04, 14.10

Patches

Patch: advisories.mageia.org ↗Patch: lists.fedoraproject.org ↗Patch: lists.fedoraproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-wpf6-pr9h-p2gj: GNU patch 2↗2022-05-17

▶

OSV

CVE-2014-9637: GNU patch 2↗2017-08-25

▶

CVEList

CVE-2014-9637: GNU patch 2↗2017-08-25

▶

OSV

patch vulnerabilities↗2015-06-22

▶

📋Vendor Advisories

Ubuntu

GNU patch vulnerabilities↗2015-06-22

▶

Red Hat

patch: local denial of service with a crafted patch↗2015-01-20

▶

Debian

CVE-2014-9637: patch - GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service...↗2014

▶

💬Community

Bugzilla

CVE-2014-9637 patch: local denial of service with a crafted patch↗2015-01-23

▶

Bugzilla

CVE-2014-9637 patch: various flaws [fedora-all]↗2015-01-21

▶