DEBIAN-CVE-2015-1395

DEBIAN-CVE-2015-1395 PUBLISHED CVSS 7.5 HIGH

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:14	patch	0, 0, 0
Debian:11	patch	0, 0, 0
Debian:12	patch	0, 0, 0
Debian:13	patch	0, 0, 0

Timeline

Aug 25, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-1395 advisory

Open in Interactive Console →