CVE-2018-6951

CWE-476 — NULL Pointer Dereference11 documents9 sources

Severity

7.5HIGH

EPSS

15.3%

top 5.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Patch Canonical Ubuntu Linux

Timeline

PublishedFeb 13

Latest updateMay 14

Description

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Ubuntupatch< 2.7.1-4ubuntu2.4+1

▶NVDgnu/patch2.7.6

Also affects: Ubuntu Linux 14.04, 16.04, 17.10

Patches

Patch: git.savannah.gnu.org ↗Patch: git.savannah.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-jx75-987w-4cqc: An issue was discovered in GNU patch through 2↗2022-05-14

▶

OSV

patch vulnerabilities↗2018-04-10

▶

CVEList

CVE-2018-6951: An issue was discovered in GNU patch through 2↗2018-02-13

▶

OSV

CVE-2018-6951: An issue was discovered in GNU patch through 2↗2018-02-13

▶

📋Vendor Advisories

Ubuntu

Patch vulnerabilities↗2018-04-10

▶

Microsoft

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault associated with a NULL pointer dereference leading to a denial of service in the intuit_diff_type function in pch.c ak↗2018-02-13

▶

Red Hat

patch: NULL pointer dereference in pch.c:intuit_diff_type() causes a crash↗2018-02-03

▶

Debian

CVE-2018-6951: patch - An issue was discovered in GNU patch through 2.7.6. There is a segmentation faul...↗2018

▶

💬Community

Bugzilla

CVE-2018-6951 patch: NULL pointer dereference in pch.c:intuit_diff_type() causes a crash [fedora-all]↗2018-02-14

▶

Bugzilla

CVE-2018-6951 patch: NULL pointer dereference in pch.c:intuit_diff_type() causes a crash↗2018-02-14

▶