CVE-2019-13636
published 2019-07-17CVE-2019-13636: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
medium5.9CVSS 3.0
AVNACHPRNUINSUCNIHAN
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | patch | < patch 2.7.6-5 (bookworm) | patch 2.7.6-5 (bookworm) |
| gnu | patch | <= 2.7.6 | — |
| gnu | patch | >= 0 < 2.7.6-5 | 2.7.6-5 |
| gnu | patch | >= 0 < 2.7.6-5 | 2.7.6-5 |
| gnu | patch | >= 0 < 2.7.6-5 | 2.7.6-5 |
| gnu | patch | >= 0 < 2.7.6-5 | 2.7.6-5 |
| gnu | patch | >= 0 < 2.7.5-1ubuntu0.16.04.2 | 2.7.5-1ubuntu0.16.04.2 |
| gnu | patch | >= 0 < 2.7.6-2ubuntu1.1 | 2.7.6-2ubuntu1.1 |
| gnu | patch | >= 0 < 2.7.1-4ubuntu2.4+esm1 | 2.7.1-4ubuntu2.4+esm1 |
| msrc | azl3_patch_2.7.6-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_patch_2.7.6-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_patch_2.7.6-7_on_cbl_mariner_1.0 | — | — |
| msrc | patch-2.7.6-7.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | patch-2.7.6-7.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| msrc | patch-2.7.6-7.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | — | — |
| msrc | patch-2.7.6-7.cm2.x86_64.rpm_on_cbl_mariner_2.0_x64 | — | — |
| msrc | patch-2.7.6-9.azl3.aarch64.rpm_on_azure_linux_3.0_arm | — | — |
| msrc | patch-2.7.6-9.azl3.x86_64.rpm_on_azure_linux_3.0_x64 | — | — |
| msrc | patch-debuginfo-2.7.6-7.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | patch-debuginfo-2.7.6-7.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| msrc | patch-debuginfo-2.7.6-7.cm2.aarch64.rpm_on_cbl_mariner_2.0_arm | — | — |
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
osv5.9MEDIUM