Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/patch | deb | debian | 12 | >=2.7.6-7 | Not yet available |
| debian/patch | deb | debian | 13 | >=2.7.6-7 | Not yet available |
| debian/patch | deb | debian | 11 | >=2.7.6-7 | Not yet available |
| debian/patch | deb | debian | unstable | >=2.7.6-7 | Not yet available |
| debian/patch | deb | debian | 10 | >=2.7.6-3+deb10u1 | Not yet available |
Severity and metrics
No CVSS data available from this source.
8.6
-
3.9
-