CVE-2018-20969

7.8HIGH

Key Information:

Vendor: Gnu
Status: Patch
Vendor: CVE Published:; 16 August 2019

Summary

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.

References

https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3f...

x_refsource_MISC

https://seclists.org/bugtraq/2019/Aug/29

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/154124/GNU-patch-Com...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 16, 2019
Vulnerability Reserved
Aug 15, 2019