CVE-2019-13636

CWE-5913 documents9 sources
Severity
5.9MEDIUM
EPSS
4.4%
top 10.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Patch
Timeline
PublishedJul 17
Latest updateMay 24

Description

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

Debianpatch< 2.7.6-5+3
Ubuntupatch< 2.7.5-1ubuntu0.16.04.2+2
NVDgnu/patch2.7.6

Patches

Patch: git.savannah.gnu.orgPatch: git.savannah.gnu.org

🔴Vulnerability Details

5
GHSA
GHSA-f3xm-hqch-mq3q: In GNU patch through 22022-05-24
OSV
patch vulnerabilities2019-07-24
OSV
patch vulnerabilities2019-07-24
OSV
CVE-2019-13636: In GNU patch through 22019-07-17
CVEList
CVE-2019-13636: In GNU patch through 22019-07-17

📋Vendor Advisories

5
Ubuntu
Patch vulnerabilities2019-07-24
Red Hat
patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files2019-07-24
Ubuntu
Patch vulnerabilities2019-07-24
Microsoft
In GNU patch through 2.7.6 the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.2019-07-09
Debian
CVE-2019-13636: patch - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain c...2019

💬Community

2
Bugzilla
CVE-2019-13636 patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files2019-07-24
Bugzilla
CVE-2019-13636 patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files [fedora-all]2019-07-24
CVE-2019-13636 (MEDIUM CVSS 5.9) | In GNU patch through 2.7.6 | cvebase.io