gnu patch CVE-2019-13638 in GNU and Debian Products
Published on July 26, 2019

product logo product logo
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2019-13638

stack.watch emails you whenever new vulnerabilities are published in GNU Patch or Debian Linux. Just hit a watch button to start following.

 
 

Exploit Probability

EPSS
4.53%
Percentile
90.42%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.