VDB

ALPINE-CVE-2019-13636

ALPINE-CVE-2019-13636 PUBLISHED CVSS 5.900000095367432 MEDIUM

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.

Risk Scores

CVSS 3.0
5.900000095367432
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.10patch2.5.9-r0, 0, 0
Alpine:v3.11patch0, 0, 2.6-r0
Alpine:v3.14patch2.7.6-r2, 0, 0
Alpine:v3.7patch2.7.5-r0, 2.7.3-r0, 2.6.1-r3
Alpine:v3.15patch2.7.3-r0, 2.7.4-r0, 2.6.1-r2
Alpine:v3.22patch2.5.9-r0, 0, 0
Alpine:v3.24patch0, 0
Alpine:v3.21patch2.5.9-r0, 2.6-r0, 2.7.6-r2
Alpine:v3.23patch0, 0, 2.5.9-r0
Alpine:v3.16patch2.5.9-r0, 2.6-r0, 2.6.1-r0
Alpine:v3.20patch2.7.6-r2, 2.7.6-r4, 2.7.6-r0
Alpine:v3.9patch2.7.5-r0, 0, 2.7.6-r4
Alpine:v3.12patch2.6.1-r0, 2.7.6-r0, 2.7.6-r4
Alpine:v3.17patch2.7.1-r0, 0, 0
Alpine:v3.13patch2.7.6-r1, 2.7.6-r2, 2.7.6-r4
Alpine:v3.19patch0, 2.7.6-r3, 2.7.6-r2
Alpine:v3.18patch0, 0, 2.5.9-r0
Alpine:v3.8patch0, 0, 2.7.6-r2

Timeline

  • Jul 17, 2019 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›