CVE-2018-20969

Public Exploit

Description

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.

References

Link	Tags
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0	patch vendor advisory
https://seclists.org/bugtraq/2019/Aug/29	mailing list patch exploit third party advisory
http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html	vdb entry third party advisory
https://github.com/irsl/gnu-patch-vulnerabilities
https://access.redhat.com/errata/RHSA-2019:2798	vendor advisory
https://access.redhat.com/errata/RHSA-2019:2964	vendor advisory
https://access.redhat.com/errata/RHSA-2019:3757	vendor advisory
https://access.redhat.com/errata/RHSA-2019:3758	vendor advisory
https://access.redhat.com/errata/RHSA-2019:4061	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2018-20969?: CVE-2018-20969 has been scored as a high severity vulnerability.
How to fix CVE-2018-20969?: To fix CVE-2018-20969, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-20969 being actively exploited in the wild?: It is possible that CVE-2018-20969 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions