mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 06:55:56 +02:00
0xMarcio
770 B
770 B
CVE-2019-13636
Description
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
POC
Reference
- http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html
- https://github.com/irsl/gnu-patch-vulnerabilities
- https://seclists.org/bugtraq/2019/Aug/29