VDB
GCVE-110-MAGEIA-2018-355
GCVE-110-MAGEIA-2018-355
Advisory Published
This update provides mercurial version 4.6.2 and fixes the following
security issues:
Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in
cases where the fragment start is past the end of the original data
(CVE-2018-13346).
Fix mpatch.c that mishandles integer addition and subtraction
(CVE-2018-13347).
Fix the mpatch_decode function in mpatch.c that mishandles certain
situations where there should be at least 12 bytes remaining after
the current position in the patch data (CVE-2018-13348).
Remote attackers may bypass HTTP server permissions via batch wire
protocol commands(CVE-2018-1000132).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | mercurial | 0 (affected), 4.6.2-1.mga5 (unaffected) | — |
| Mageia | mercurial | 4.6.2-1.mga6 (unaffected), 0 (affected) | — |
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.