Double Free Vulnerability in GNU Patch by GNU
CVE-2019-20633

5.5 MEDIUM

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published: 25 March 2020

Summary

A double free vulnerability exists in the GNU Patch utility, in the 'another_hunk' function in pch.c. The flaw can be triggered by a specially crafted patch file, potentially leading to a denial of service. The issue arises from an incomplete fix for a prior vulnerability. Users of GNU Patch versions up to 2.7.6 should be aware of this risk and take appropriate measures to safeguard their environments.

References

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
