Severity: High
Remote: No
Type: Arbitrary command execution
An arbitrary command execution vulnerability has been found in patch before 2.7.7 when applying ed-style patches. Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch to pass certain ed scripts to the ed editor, which would run commands. This issue could be exploited to execute arbitrary commands as the user invoking patch against a specially crafted patch file, which could be leveraged to obtain elevated privileges.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-619 | patch | 2.7.6-1 | | High | Vulnerable | FS#57526 |
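
While a fixed package is not yet available, untrusted patch files can be screened so that ed-style input never reaches patch. The following is an added example, not code from this advisory or from the patch project: a heuristic pre-flight check that reports ed-style commands in a patch stream. The function names and the sample inputs are constructed for illustration.

```python
import re

# ed command as written by `diff -e`: "3c", "1,2d", "5a", "7i", "4s/.//".
# A normal-diff hunk header such as "2c2" has digits after the letter and
# does not match; unified and context hunk lines start with ' ', '+', '-', '!'.
ED_COMMAND = re.compile(r"^\d+(?:,\d+)?(?:[acdi]|s/.*)$")
TAKES_TEXT = re.compile(r"[aci]$")  # followed by text up to a lone "."


def find_ed_commands(patch_text):
    """Return (line_number, line) for every ed-style command in the input."""
    hits = []
    in_text = False
    for number, line in enumerate(patch_text.splitlines(), start=1):
        if in_text:
            # Inside the text block of a/c/i: data, not commands.
            in_text = line != "."
            continue
        if ED_COMMAND.match(line):
            hits.append((number, line))
            in_text = bool(TAKES_TEXT.search(line))
    return hits


def safe_to_apply(patch_text):
    """True only if no part of the input would be treated as an ed script."""
    return not find_ed_commands(patch_text)


# Constructed samples: the same one-line change in three diff formats.
UNIFIED_SAMPLE = (
    "--- a/hello.txt\n+++ b/hello.txt\n@@ -1,3 +1,3 @@\n"
    " one\n-two\n+2\n three\n"
)
NORMAL_SAMPLE = "2c2\n< two\n---\n> 2\n"
ED_SAMPLE = "2c\n2\n.\n"
# Constructed sample: ed script hidden after free-form leading text.
MIXED_SAMPLE = "Please apply this fix.\n\n2c\n2\n.\n1d\n"

if __name__ == "__main__":
    for name, sample in [("unified", UNIFIED_SAMPLE), ("normal", NORMAL_SAMPLE),
                         ("ed", ED_SAMPLE), ("mixed", MIXED_SAMPLE)]:
        verdict = "ok" if safe_to_apply(sample) else "REJECT (ed-style)"
        print(f"{name:8} {verdict} {find_ed_commands(sample)}")
```

The check is deliberately conservative: any hit rejects the whole file, since legitimate patches are almost always in unified or context format.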