A Directory Traversal vulnerability exists in the GNU patch prior to 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu patch |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |