CVE-2018-20969
published 2019-08-16
high 7.8 CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | patch | < patch 2.7.6-5 (bookworm) | patch 2.7.6-5 (bookworm) |
| gnu | patch | <= 2.7.6 | — |
| gnu | patch | >= 0 < 2.7.6-5 | 2.7.6-5 |
| gnu | patch | >= 0 < 2.7.6-5 | 2.7.6-5 |
| gnu | patch | >= 0 < 2.7.6-5 | 2.7.6-5 |
| gnu | patch | >= 0 < 2.7.6-5 | 2.7.6-5 |
| msrc | azl3_patch_2.7.6-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_patch_2.7.6-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_patch_2.7.6-7_on_cbl_mariner_1.0 | — | — |
| msrc | patch-2.7.6-7.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | patch-2.7.6-7.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| msrc | patch-2.7.6-7.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | — | — |
| msrc | patch-2.7.6-7.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64 | — | — |
| msrc | patch-2.7.6-9.azl3.aarch64.rpm_on_azure_linux_3.0_arm | — | — |
| msrc | patch-2.7.6-9.azl3.x86_64.rpm_on_azure_linux_3.0_x64 | — | — |
| msrc | patch-debuginfo-2.7.6-7.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | patch-debuginfo-2.7.6-7.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| msrc | patch-debuginfo-2.7.6-7.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | — | — |
| msrc | patch-debuginfo-2.7.6-7.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64 | — | — |
CVSS provenance
nvd v3.0 7.8 HIGH CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv 7.8 HIGH