VDB

GCVE-110-MAGEIA-2018-355

GCVE-110-MAGEIA-2018-355
Advisory Published
Vulnetix · Advisory published August 31, 2018
This update provides mercurial version 4.6.2 and fixes the following security issues: Fix the mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (CVE-2018-13346). Fix mpatch.c that mishandles integer addition and subtraction (CVE-2018-13347). Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data (CVE-2018-13348). Remote attackers may bypass HTTP server permissions via batch wire protocol commands(CVE-2018-1000132).

Affected Products

VendorProductVersionsPlatforms
Mageiamercurial0 (affected), 4.6.2-1.mga5 (unaffected)
Mageiamercurial4.6.2-1.mga6 (unaffected), 0 (affected)

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›