CVE-2018-20969
Published
CVSS v3
N/A
CVSS v2
9.3
HIGH
Affected
1
PROJECT
Description
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
The GNU patch utility was prone vulnerable to multiple attacks through version 2.7.6. You can find my related PoC files here.
GitHub