CVE-2018-13346

Published: Jul 6, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.

Affected (1)

Products: Mercurial: Mercurial

Mercurial

1 product

Mercurial

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mercurial Mercurial	Before 4.6.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

https://access.redhat.com/errata/RHSA-2019:2276

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

Source: cve@mitre.org

https://www.mercurial-scm.org/repo/hg/rev/faa924469635

Source: cve@mitre.org

PatchThird Party Advisory

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2276

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mercurial-scm.org/repo/hg/rev/faa924469635

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.