CVE-2015-1416

Published: 5 February 2018

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.

Notes

Author: seth-arnold
Note: MITRE defined this CVE for version < 2.3 but didn't inspect newer versions for similar flaws.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: patch (Launchpad, Ubuntu, Debian)

Release    Status
precise    Not vulnerable (2.6.1-3ubuntu0.1)
trusty     Not vulnerable
upstream   Released (2.5-1)
vivid      Not vulnerable