CVE - CVE-2018-20969

CVE-ID
CVE-2018-20969	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20190816 Details about recent GNU patch vulnerabilities URL:https://seclists.org/bugtraq/2019/Aug/29 MISC:http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html MISC:https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0 MISC:https://github.com/irsl/gnu-patch-vulnerabilities REDHAT:RHSA-2019:2798 URL:https://access.redhat.com/errata/RHSA-2019:2798 REDHAT:RHSA-2019:2964 URL:https://access.redhat.com/errata/RHSA-2019:2964 REDHAT:RHSA-2019:3757 URL:https://access.redhat.com/errata/RHSA-2019:3757 REDHAT:RHSA-2019:3758 URL:https://access.redhat.com/errata/RHSA-2019:3758 REDHAT:RHSA-2019:4061 URL:https://access.redhat.com/errata/RHSA-2019:4061
Assigning CNA
MITRE Corporation
Date Record Created
20190815	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190815)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)