CVE-2015-1196: GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

medium4.3CVSS 3.1

AVNACMAuNCNIPAN

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

20 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	patch	< patch 2.7.3-1 (bookworm)	patch 2.7.3-1 (bookworm)
debian	patch	< patch 2.7.1-7 (bookworm)	patch 2.7.1-7 (bookworm)
gnu	patch	< 2.7.4	2.7.4
gnu	patch	—	—
gnu	patch	>= 0 < 2.7.1-7	2.7.1-7
gnu	patch	>= 0 < 2.7.3-1	2.7.3-1
gnu	patch	>= 0 < 2.7.1-7	2.7.1-7
gnu	patch	>= 0 < 2.7.3-1	2.7.3-1
gnu	patch	>= 0 < 2.7.1-7	2.7.1-7
gnu	patch	>= 0 < 2.7.3-1	2.7.3-1
gnu	patch	>= 0 < 2.7.1-7	2.7.1-7
gnu	patch	>= 0 < 2.7.3-1	2.7.3-1
gnu	patch	>= 0 < 2.7.1-4ubuntu2.3	2.7.1-4ubuntu2.3
opensuse	opensuse	—	—
opensuse	opensuse	—	—
oracle	solaris	—	—

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N

osv5.8MEDIUM