CVE-2018-13347
Published: 6 July 2018
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
From the Ubuntu Security Team
It was discovered that Mercurial incorrectly handled integer addition and subtraction. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
- https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
- https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
- https://www.cve.org/CVERecord?id=CVE-2018-13347
- NVD
- Launchpad
- Debian