oss-sec mailing list archives

Re: CVE request: directory traversal flaw in patch

From: cve-assign () mitre org
Date: Thu, 22 Jan 2015 10:14:27 -0500 (EST)

Hi!

I think these issues in patch also deserve CVEs:

https://savannah.gnu.org/bugs/?44051
"With a specific file, patch goes to infinite loop and eats all CPU time."



Use CVE-2014-9637.

http://git.savannah.gnu.org/cgit/patch.git/commit/?id=44a987e02f04b9d81a0db4a611145cad1093a2d3"Add line number overflow checking. Based on Robert C. Seacord's INT32-Cdocument for integer overflow checking and Tobias Stoeckmann's "integeroverflows and oob memory access" patch for FreeBSD."

What is the security impact of this issue? The commit is not immediatelyclear.


---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Current thread:

CVE request: directory traversal flaw in patch Martin Prpic (Jan 14)
- Re: CVE request: directory traversal flaw in patch cve-assign (Jan 18)
  - Re: CVE request: directory traversal flaw in patch Martin Prpic (Jan 20)
    - Re: CVE request: directory traversal flaw in patch cve-assign (Jan 22)