CVE-2019-20633

5.5MEDIUM

Key Information:

Vendor: Gnu
Status: Patch
Vendor: CVE Published:; 25 March 2020

Summary

GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.

References

https://savannah.gnu.org/bugs/index.php?56683

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 25, 2020
Vulnerability Reserved
Mar 25, 2020