Gnu Patch

15 CVEs affecting Gnu Patch. Latest disclosed: 2026-07-09. Critical: 0, High: 7.

Top CVEs affecting Gnu Patch
CVESeverityScorePublishedSummary
CVE-2018-20969High7.82019-08-16do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but…
CVE-2019-13638High7.82019-07-26GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payloa…
CVE-2018-1000156High7.82018-04-06GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can resul…
CVE-2015-1396High7.52019-11-25A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file…
CVE-2018-6952High7.52018-02-13A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
CVE-2018-6951High7.52018-02-13An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service i…
CVE-2015-1395High7.52017-08-25Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with…
CVE-2019-13636Medium5.92019-07-17In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
CVE-2021-45261Medium5.52021-12-22An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
CVE-2019-20633Medium5.52020-03-25GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a…
CVE-2016-10713Medium5.52018-02-13An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
CVE-2014-9637Medium5.52017-08-25GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
CVE-2026-562892026-07-09GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single block of changes in diff) line offsets in unified-diff input. A…
CVE-2026-562882026-07-09GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file…
CVE-2015-11962015-01-21GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.