system/patch: multiple vulnerabilities
Bugzilla ID | 249 |
Alias(es) | CVE-2019-20633 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-04-01 20:13:17 -0500 |
Modified | 2020-06-22 06:09:42 -0500 |
Status | UNCONFIRMED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / minor |
Package(s) | system/patch |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-20633 |
See also | https://bugzilla.suse.com/show_bug.cgi?id=1167721 |
Description
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free
vulnerability in the function another_hunk in pch.c that can cause a
denial of service via a crafted patch file. NOTE: this issue exists
because of an incomplete fix for CVE-2018-6952.