CVE-2018-13348

N/A

Descricao

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

Detalhes CVE

Pontuacao CVSS v3.1N/A

Publicado7/6/2018

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

mercurial:mercurial

Fraquezas (CWE)

CWE-20

Referencias

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html(cve@mitre.org)

https://www.mercurial-scm.org/repo/hg/rev/90a274965de7(cve@mitre.org)

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29(cve@mitre.org)

https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.mercurial-scm.org/repo/hg/rev/90a274965de7(af854a3a-2127-422b-91ae-364da2661108)

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.