CVE-2019-20633
published 2020-03-25CVE-2019-20633: GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | patch | — | — |
| gnu | patch | <= 2.7.6 | — |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| gnu | patch | >= 0 < 2.7.6-r7 | 2.7.6-r7 |
| msrc | azl3_patch_2.7.6-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_patch_2.7.6-8_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_patch_2.7.6-7_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv7.5HIGH