First published: Fri Jan 23 2015
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/patch | 2.7.6-7 | |
Red Hat Fedora | =20 | |
Red Hat Fedora | =21 | |
Mageia | =4.0 | |
Ubuntu | =12.04 | |
Ubuntu | =14.04 | |
Ubuntu | =14.10 | |
GNU Patch | <=2.7.2 | |
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944
CVE-2014-9637 has been classified as a denial of service vulnerability, which can lead to memory consumption and segmentation faults.
To fix CVE-2014-9637, upgrade GNU patch to version 2.7.6-7 or later.
CVE-2014-9637 affects GNU patch versions up to and including 2.7.2.
CVE-2014-9637 can be exploited by remote attackers using a crafted diff file.
Systems using affected versions of GNU patch, such as certain versions of Debian, Fedora, Mageia, and Ubuntu, are vulnerable to CVE-2014-9637.