Symlink Mishandling Vulnerability in GNU Patch Affected by Malicious Input
CVE-2019-13636

5.9 MEDIUM

Key Information:

Vendor: GNU

Status
Vendor
CVE Published: 17 July 2019

What is CVE-2019-13636?

In GNU Patch versions up to 2.7.6, symlinks can be mishandled in certain scenarios not limited to input files. This flaw may allow malicious users to exploit the system through directory traversal or command injection techniques, leading to unauthorized actions or access. Users of GNU Patch should be aware of this issue and apply the available security patches to mitigate any potential risks.

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
