CVE-2018-13348

HIGH

Mercurial < 4.6.1 - Missing Bounds Check in mpatch_decode (mpatch.c)

Title source: llm

Description

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 assumes that at least 12 bytes (one hunk header) remain after the current position in the patch data, without checking that they actually do. Tracked upstream as OVE-20180430-0001.
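
The 12 bytes the description refers to are one hunk header: start, end and len, each a big-endian 32-bit integer, followed by len bytes of replacement data. The following C program is an added example written for this page; it is not Mercurial's mpatch.c and not the upstream fix linked below. It re-implements the hunk loop once with the vulnerable shape (header read first, bounds reasoning afterwards) and once with the check in place, and records how far past the declared length each variant reads on a constructed patch whose last header is cut short. The names (decode, build_sample, overread_bytes, hunk_count), the 0xAA filler and the sample bytes are all assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

/* Illustrative re-implementation of the mpatch binary patch format, not
 * Mercurial's mpatch.c.  A patch is a sequence of hunks, each a 12-byte
 * big-endian header (start, end, len) followed by len bytes of data. */
#define HDR_LEN 12
#define MAX_HUNKS 16

struct hunk {
	uint32_t start, end;
	int32_t len;
	const unsigned char *data;
};

struct decode_result {
	int nhunks;      /* hunks decoded, or -1 if the patch is malformed */
	size_t furthest; /* one past the highest input offset that was read */
};

static uint32_t getbe32(const unsigned char *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void putbe32(unsigned char *p, uint32_t v)
{
	p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

/* With checked == 0 this has the vulnerable shape: the header is read
 * before verifying that 12 bytes remain, so a patch whose last header is
 * truncated is read past len.  With checked != 0 the hunk is rejected
 * first, and its data must also fit in the bytes that remain. */
struct decode_result decode(const unsigned char *bin, size_t len,
                            struct hunk *out, int checked)
{
	struct decode_result r = {0, 0};
	size_t pos = 0;
	while (pos < len && r.nhunks < MAX_HUNKS) {
		struct hunk *h = &out[r.nhunks];
		if (checked && len - pos < HDR_LEN)
			break; /* the missing check: stop before the over-read */
		h->start = getbe32(bin + pos);
		h->end = getbe32(bin + pos + 4);
		h->len = (int32_t)getbe32(bin + pos + 8);
		h->data = bin + pos + HDR_LEN;
		r.furthest = pos + HDR_LEN;
		if (h->start > h->end || h->len < 0)
			break; /* sanity check, but it runs after the header read */
		if (checked && (size_t)h->len > len - pos - HDR_LEN)
			break; /* data would also run past the end */
		pos += HDR_LEN + (size_t)h->len;
		r.nhunks++;
	}
	if (pos != len)
		r.nhunks = -1; /* did not consume exactly the whole patch */
	return r;
}

/* Constructed sample: two well-formed hunks (27 bytes).  With truncated
 * set, a 5-byte stub of a third header follows (32 bytes).  The rest of
 * buf is 0xAA, standing in for whatever memory lies past the patch, so
 * the over-read stays inside buf and the demo itself is memory-safe. */
size_t build_sample(unsigned char *buf, size_t cap, int truncated)
{
	memset(buf, 0xAA, cap);
	putbe32(buf, 0); putbe32(buf + 4, 5); putbe32(buf + 8, 3);
	memcpy(buf + 12, "abc", 3);                      /* [0,5) -> "abc" */
	putbe32(buf + 15, 10); putbe32(buf + 19, 10); putbe32(buf + 23, 0);
	if (!truncated)
		return 27;
	memset(buf + 27, 0, 5); /* a header that stops after 5 bytes */
	return 32;
}

/* Bytes the decoder read beyond len on the chosen sample (0 = in bounds). */
size_t overread_bytes(int truncated, int checked)
{
	unsigned char buf[64];
	struct hunk hunks[MAX_HUNKS];
	size_t len = build_sample(buf, sizeof buf, truncated);
	struct decode_result r = decode(buf, len, hunks, checked);
	return r.furthest > len ? r.furthest - len : 0;
}

/* Hunk count the decoder reports on the chosen sample (-1 = rejected). */
int hunk_count(int truncated, int checked)
{
	unsigned char buf[64];
	struct hunk hunks[MAX_HUNKS];
	size_t len = build_sample(buf, sizeof buf, truncated);
	return decode(buf, len, hunks, checked).nhunks;
}
```

Both variants accept the well-formed sample and both ultimately reject the truncated one, because the final "pos != len" test fails either way. The difference is where the rejection happens: the unchecked loop has already read a full header starting at offset 27, reaching 7 bytes past the 32-byte patch, before any sanity check runs. In a real decoder that read lands in whatever follows the patch allocation, which is why the fix has to test for the remaining 12 bytes before touching them, not after.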

References (3 tracked, 2 shown)

Patch / Vendor Advisory:
https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
Mailing List (Debian LTS announcement):
https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

Scores

CVSS v3.0 base score: 7.5 (HIGH)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: NETWORK, low complexity, no privileges or user interaction required. Note that this vector rates the impact as high on integrity (I:H) with none on confidentiality or availability (C:N, A:N); the underlying defect is an unchecked read of a hunk header past the end of the patch data, so check the vendor advisory above rather than the score alone when triaging.
EPSS: 0.0209 (2.09% estimated probability of exploitation activity in the next 30 days), percentile 79.3%

Details

CWE: CWE-20 (Improper Input Validation)
Status: published
Products (2)
mercurial/mercurial: versions < 4.6.1
pypi/mercurial: versions >= 0, < 4.6.1 (PyPI)
Published Jul 06, 2018
Tracked Since Feb 18, 2026