VDB
DEBIAN-CVE-2019-13638
DEBIAN-CVE-2019-13638
PUBLISHED
CVSS 7.800000190734863 HIGH
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
Risk Scores
CVSS v3.0
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | patch | 0, 0, 0 |
| Debian:14 | patch | 0, 0, 0 |
| Debian:11 | patch | 0, 0, 0 |
| Debian:13 | patch | 0, 0, 0 |
Timeline
- Jul 26, 2019 CVE Published
- Apr 28, 2026 CVE Updated