CVE-2018-20969

CVE-2018-20969

Name

CVE-2018-20969

Description

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
Exploit	https://seclists.org/bugtraq/2019/Aug/29
Third Party Advisory	http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html
MISC	https://github.com/irsl/gnu-patch-vulnerabilities
REDHAT	https://access.redhat.com/errata/RHSA-2019:2798
REDHAT	https://access.redhat.com/errata/RHSA-2019:2964
REDHAT	https://access.redhat.com/errata/RHSA-2019:3757
REDHAT	https://access.redhat.com/errata/RHSA-2019:4061
REDHAT	https://access.redhat.com/errata/RHSA-2019:3758

Type

URI

Patch

https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0

Exploit

https://seclists.org/bugtraq/2019/Aug/29

Third Party Advisory

http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html

MISC

https://github.com/irsl/gnu-patch-vulnerabilities

REDHAT

https://access.redhat.com/errata/RHSA-2019:2798

REDHAT

https://access.redhat.com/errata/RHSA-2019:2964

REDHAT

https://access.redhat.com/errata/RHSA-2019:3757

REDHAT

https://access.redhat.com/errata/RHSA-2019:4061

REDHAT

https://access.redhat.com/errata/RHSA-2019:3758

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gnu:patch::::::::`	patch	>= None	<= 2.7.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*

patch

>= None

<= 2.7.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
patch	3.10-main	2.7.6-r6	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	3.14-main	2.7.6-r7	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	3.13-main	2.7.6-r7	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	3.12-main	2.7.6-r7	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	3.11-main	2.7.6-r7	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	3.15-main	2.7.6-r7	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	3.16-main	2.7.6-r7	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	3.17-main	2.7.6-r9	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	edge-main	2.7.6-r10	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	3.18-main	2.7.6-r10	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	3.19-main	2.7.6-r10	Natanael Copa <ncopa@alpinelinux.org>	fixed
patch	3.20-main	2.7.6-r10	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

patch

3.10-main

2.7.6-r6

Natanael Copa <ncopa@alpinelinux.org>

fixed

patch

3.14-main