CVE-2019-20633

Published: 25 March 2020

GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.

Priority

Negligible

CVSS 3 base score: 5.5

Status

Package: patch (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
eoan       Ignored (reached end-of-life)
focal      Needs triage
groovy     Ignored (reached end-of-life)
hirsute    Ignored (reached end-of-life)
impish     Needs triage
jammy      Needs triage
precise    Ignored (end of ESM support, was needs-triage)
trusty     Needs triage
upstream   Not vulnerable (debian: Incomplete fix for CVE-2018-6952 not applied)
xenial     Needs triage

Notes

Author: sbeattie
Note: this issue was introduced by the fix for CVE-2018-6952, which has not been applied to any Ubuntu release, due to a complete fix not being available.

References