Description
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
References (9)
Core 9
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://savannah.gnu.org/bugs/?44051
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/22/7
Patch, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html
Patch, Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2015-0068.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72286
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944
Patch, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1185262
Patch, Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2651-1
Scores
CVSS v3
5.5
EPSS
0.0032
EPSS Percentile
55.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-399
Status
published
Products (7)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
fedoraproject/fedora
20
fedoraproject/fedora
21
gnu/patch
< 2.7.2
mageia/mageia
4.0
Published
Aug 25, 2017
Tracked Since
Feb 18, 2026