Your submission was sent successfully! Close

CVE-2021-45261

Published: 22 December 2021

An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

Priority

Negligible

CVSS 3 base score: 5.5

Status

Package Release Status
patch
Launchpad, Ubuntu, Debian
bionic Deferred
(2022-03-04)
focal Deferred
(2022-03-04)
hirsute Ignored
(reached end-of-life)
impish Deferred
(2022-03-04)
jammy Deferred
(2022-03-04)
trusty Deferred
(2022-03-04)
upstream Needs triage

xenial Deferred
(2022-03-04)

Notes

AuthorNote
rodrigo-zaiden
negligible security impact since it affects the CLI tool with
a specific malformed patch file.
As of 2022-03-04, upstream has not released any updates nor
comments on this issue, marking as deferred.

References