Gnu Patch
15 CVEs affecting Gnu Patch. Latest disclosed: 2026-07-09. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-20969 | High | 7.8 | 2019-08-16 | do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but… |
CVE-2019-13638 | High | 7.8 | 2019-07-26 | GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payloa… |
CVE-2018-1000156 | High | 7.8 | 2018-04-06 | GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can resul… |
CVE-2015-1396 | High | 7.5 | 2019-11-25 | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file… |
CVE-2018-6952 | High | 7.5 | 2018-02-13 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. |
CVE-2018-6951 | High | 7.5 | 2018-02-13 | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service i… |
CVE-2015-1395 | High | 7.5 | 2017-08-25 | Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with… |
CVE-2019-13636 | Medium | 5.9 | 2019-07-17 | In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. |
CVE-2021-45261 | Medium | 5.5 | 2021-12-22 | An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. |
CVE-2019-20633 | Medium | 5.5 | 2020-03-25 | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a… |
CVE-2016-10713 | Medium | 5.5 | 2018-02-13 | An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. |
CVE-2014-9637 | Medium | 5.5 | 2017-08-25 | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. |
CVE-2026-56289 | | 2026-07-09 | GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A… | |
CVE-2026-56288 | | 2026-07-09 | GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file… | |
CVE-2015-1196 | | 2015-01-21 | GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. |