CVE-2018-6951

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuitdifftype function in pch.c, aka a "mangled rename" issue.

References

Affected packages

Git / cgit.git.savannah.gnu.org/cgit/patch.git

Affected ranges

Type: GIT
Repo: https://cgit.git.savannah.gnu.org/cgit/patch.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f290f48a621867084884bfff87f8093c15195e6a

Type

GIT

Repo

https://git.savannah.gnu.org/git/patch.git/

Events

Introduced

Last affected

40b387de08653a1e46872b8ac1a6a14b9b94feb3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.6"
        }
    ]
}

Affected versions

v2.*

v2.1

v2.2

v2.3

v2.4

v2.5

v2.5.3

v2.5.4

v2.5.7

v2.5.8

v2.5.9

v2.6

v2.6.1

v2.7

v2.7.1

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "17.10"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6951.json"