CVE-2019-13636
MEDIUM
GNU patch < 2.7.6 - Improper Link Resolution in inp.c and util.c
Title source: llm
Description
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
References (12)
Core References
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4071-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4071-2/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4489
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jul/54
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/29
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201908-22
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190828-0001/
Various Sources x_refsource_misc
https://github.com/irsl/gnu-patch-vulnerabilities
Scores
CVSS v3
5.9
EPSS
0.0433
EPSS Percentile
89.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-59
Status
published
Products (1)
gnu/patch
< 2.7.6
Published
Jul 17, 2019
Tracked Since
Feb 18, 2026