Published: 16/08/2019 Updated: 05/09/2019

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

do_ed_script in pch.c in GNU patch up to and including 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu patch

Synopsis Important: patch security update Type/Severity Security Advisory: Important Topic An update for patch is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...

Synopsis Important: patch security update Type/Severity Security Advisory: Important Topic An update for patch is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whi ...

Synopsis Important: patch security update Type/Severity Security Advisory: Important Topic An update for patch is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...

Synopsis Important: patch security update Type/Severity Security Advisory: Important Topic An update for patch is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services for SAP Solut ...

Synopsis Important: patch security update Type/Severity Security Advisory: Important Topic An update for patch is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whi ...

do_ed_script in pchc in GNU patch through 276 does not block strings beginning with a ! character NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter(CVE-2018-20969) GNU patch through 276 is vulnerable to OS shell command injection that can be exploited by opening ...

Impact: Important Public Date: 2019-08-16 CWE: CWE-863 Bugzilla: 1746672: CVE-2018-20969 patch: do_ed_s ...

The GNU patch utility was prone vulnerable to multiple attacks through version 2.7.6. You can find my related PoC files here.

GNU patch vulnerabilities I identified several vulnerabilities in the GNU patch utility, some of them making it possible to execute arbitrary code if the victim opens a crafted patch file It also turned out, some of these vulnerabilities had been silently addressed by the maintainer back then in 2018 when CVE-2018-1000156 was reported by pushing some additional commits the sam

CWE-78 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0 https://seclists.org/bugtraq/2019/Aug/29 http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html https://github.com/irsl/gnu-patch-vulnerabilities https://access.redhat.com/errata/RHSA-2019:2798 https://access.redhat.com/errata/RHSA-2019:2964 https://access.redhat.com/errata/RHSA-2019:3757 https://access.redhat.com/errata/RHSA-2019:4061 https://access.redhat.com/errata/RHSA-2019:3758 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2019:3757 https://github.com/irsl/gnu-patch-vulnerabilities https://alas.aws.amazon.com/ALAS-2019-1312.html

CVE-2018-20969

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect