Symlink Mishandling Vulnerability in GNU Patch Affected by Malicious Input
CVE-2019-13636

5.9MEDIUM

Key Information:

Vendor

Gnu
Status
Patch
Vendor
CVE Published:
17 July 2019

What is CVE-2019-13636?

In GNU Patch versions up to 2.7.6, a vulnerability exists where symlinks can be mishandled in certain scenarios not limited to input files. This flaw may allow malicious users to exploit the system through directory traversal or command injection techniques, leading to unauthorized actions or access. It's crucial for users of GNU Patch to be aware of this issue and to implement the available security patches to mitigate any potential risks.

References

https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dc...
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/07/msg0...
mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4071-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.