CVE-2019-20633

CWE-415CWE-416Use After Free9 documents8 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 69.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Patch
Timeline
PublishedMar 25
Latest updateMay 24

Description

GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Alpinepatch< 2.7.6-r7+12
NVDgnu/patch2.7.6

🔴Vulnerability Details

3
GHSA
GHSA-w88p-xvmw-fxgg: GNU patch through 22022-05-24
CVEList
CVE-2019-20633: GNU patch through 22020-03-25
OSV
CVE-2019-20633: GNU patch through 22020-03-25

📋Vendor Advisories

3
Microsoft
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exi2020-03-10
Red Hat
patch: double free in another_hunk function in pch.c2019-07-28
Debian
CVE-2019-20633: patch - GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability...2019

💬Community

2
Bugzilla
CVE-2019-20633 patch: double free in another_hunk function in pch.c2020-03-30
Bugzilla
CVE-2019-20633 patch: double free in another_hunk function in pch.c [fedora-all]2020-03-30
CVE-2019-20633 (MEDIUM CVSS 5.5) | GNU patch through 2.7.6 contains a | cvebase.io