Impact: Moderate Public Date: 2019-07-24 CWE: CWE-59 Bugzilla: 1732781: CVE-2019-13636 patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2019-13636 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
CVSS3 Base Score | 5.9 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity Impact | High |
Availability Impact | None |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 8 | patch | Under investigation |
Red Hat Enterprise Linux 7 | patch | Under investigation |
Red Hat Enterprise Linux 6 | patch | Under investigation |
Red Hat Enterprise Linux 5 | patch | Under investigation |