CVE-2018-20969

Published: Aug 16, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0

x_refsource_MISC

20190816 Details about recent GNU patch vulnerabilities

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html

x_refsource_MISC

https://github.com/irsl/gnu-patch-vulnerabilities

x_refsource_MISC

RHSA-2019:2798

vendor-advisory

x_refsource_REDHAT

RHSA-2019:2964

vendor-advisory

x_refsource_REDHAT

RHSA-2019:3757

vendor-advisory

x_refsource_REDHAT

RHSA-2019:3758

vendor-advisory

x_refsource_REDHAT

RHSA-2019:4061

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-20969

Description

Affected Products

References