Published: 06 July 2018
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
From the Ubuntu security team
It was discovered that Mercurial incorrectly handled patch data. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
CVSS 3 base score: 7.5