CVE-2018-6952

Source
Severity Medium
Remote No
Type Denial of service
Description
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.
Group Package Affected Fixed Severity Status Ticket
AVG-808 patch 2.7.6-3 2.7.6-7 High Fixed FS#57526
AVG-619 patch 2.7.6-1 2.7.6-3 High Fixed FS#57526
Date Advisory Group Package Severity Description
12 Nov 2018 ASA-201811-14 AVG-808 patch High multiple issues
09 Oct 2018 ASA-201810-8 AVG-619 patch High multiple issues
References
https://savannah.gnu.org/bugs/?53133
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300