Security Advisory

CVE-2018-1000156

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-04-06 13:00:00

Last updated 2025-04-14 19:36:21

Assigner mitre

State PUBLISHED

Description

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSDs CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

← Browse all CVEs View on cve.org ↗