CVE-2015-1395

CWE-22: Path Traversal | 8 documents | 8 sources
Severity: 7.5 HIGH
EPSS: 2.6% (top 14.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 25
Latest update: May 17

Description

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian: patch < 2.7.3-1+3
NVD: gnu/patch 2.7.2

Also affects: Fedora 20, 21, Ubuntu Linux 12.04, 14.04, 14.10

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-97xh-wvxp-9m89: Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2 | 2022-05-17
OSV: CVE-2015-1395: Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2 | 2017-08-25
CVEList: CVE-2015-1395: Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2 | 2017-08-25

📋 Vendor Advisories (3)

Ubuntu: GNU patch vulnerabilities | 2015-06-22
Red Hat: patch: directory traversal via file rename | 2015-01-20
Debian: CVE-2015-1395: patch - Directory traversal vulnerability in GNU patch versions which support Git-style ... | 2015

💬 Community (1)

Bugzilla: CVE-2015-1395 patch: directory traversal via file rename | 2015-01-21