CVE-2018-1000156
Description
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSDs CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
36.762
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Patch security update (CESA-2018:1199) patch-2.6-8.el6_9.i686.rpm | Linux |
| Patch security update (CESA-2018:1199) patch-2.6-8.el6_9.x86_64.rpm | Linux |
| (RHSA-2018:1199) Important: patch security update patch-2.6-8.el6_9.i686.rpm | Linux |
| (RHSA-2018:1199) Important: patch security update patch-2.6-8.el6_9.x86_64.rpm | Linux |
| (RHSA-2018:1200) Important: patch security update patch-2.7.1-10.el7_5.x86_64.rpm | Linux |
| (RHSA-2018:2091) Important: patch security update patch-2.7.1-10.el7_4.x86_64.rpm | Linux |
| (RHSA-2018:2092) Important: patch security update patch-2.7.1-10.el7_3.x86_64.rpm | Linux |
| (RHSA-2018:2093) Important: patch security update patch-2.7.1-10.el7_2.x86_64.rpm | Linux |
| SUSE-SU-2018:1128-1(SUSE Linux Enterprise Desktop 12-SP3 ) patch-2.7.5-8.5.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1128-1(SUSE Linux Enterprise Desktop 12-SP3 ) patch-debuginfo-2.7.5-8.5.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1128-1(SUSE Linux Enterprise Desktop 12-SP3 ) patch-debugsource-2.7.5-8.5.1.x86_64.rpm | Linux |
| SUSE-SU-2018:1162-1(SUSE Linux Enterprise Server 11-SP4 ) patch-2.5.9-252.22.7.1.x86_64.rpm | Linux |
| Patch update (ELSA-2018-1199) patch-2.6-8.el6_9.x86_64.rpm | Linux |
| Patch update (ELSA-2018-1199) patch-2.6-8.el6_9.i686.rpm | Linux |
| (CESA-2018:2092) Important: patch security update patch-2.7.1-10.el7_3.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234