VDB

ALPINE-CVE-2018-1000156

ALPINE-CVE-2018-1000156 PUBLISHED CVSS 7.800000190734863 HIGH

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

Risk Scores

CVSS 3.0
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.17patch2.5.9-r0, 0, 2.6.1-r0
Alpine:v3.15patch0, 2.6.1-r0, 2.6.1-r2
Alpine:v3.8patch2.7.1-r0, 0, 2.6-r0
Alpine:v3.12patch2.6.1-r3, 2.6.1-r3, 2.7.3-r0
Alpine:v3.18patch2.7.5-r0, 2.6.1-r0, 2.6.1-r1
Alpine:v3.7patch2.6-r0, 0, 2.6-r0
Alpine:v3.11patch0, 2.5.9-r0, 2.6-r0
Alpine:v3.23patch2.7.6-r5, 0, 2.6-r0
Alpine:v3.14patch0, 0, 2.7.6-r5
Alpine:v3.19patch2.5.9-r0, 0, 0
Alpine:v3.22patch0, 0, 0
Alpine:v3.13patch0, 0, 2.7.6-r5
Alpine:v3.9patch2.6.1-r0, 0, 2.5.9-r0
Alpine:v3.20patch0, 2.5.9-r0, 2.6-r0
Alpine:v3.16patch2.5.9-r0, 0, 0
Alpine:v3.24patch0, 0
Alpine:v3.21patch2.6.1-r0, 2.6.1-r2, 0
Alpine:v3.10patch2.6-r0, 2.6.1-r1, 2.6.1-r2

Timeline

  • Apr 6, 2018 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›