CVE-2014-9637

moderate-risk
Published 2017-08-25

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

Do I need to act?

-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (7)

Affected Vendors

Mageia Gnu Fedoraproject Canonical

References (18)

Patch http://advisories.mageia.org/MGASA-2015-0068.html
Patch http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html
Patch http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.ht...
Mailing List http://www.openwall.com/lists/oss-security/2015/01/22/7
Third Party Advisory http://www.securityfocus.com/bid/72286
Patch http://www.ubuntu.com/usn/USN-2651-1
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1185262
Issue Tracking https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a...
Issue Tracking https://savannah.gnu.org/bugs/?44051
Patch http://advisories.mageia.org/MGASA-2015-0068.html
Patch http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html
Patch http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.ht...
Mailing List http://www.openwall.com/lists/oss-security/2015/01/22/7
Third Party Advisory http://www.securityfocus.com/bid/72286
Patch http://www.ubuntu.com/usn/USN-2651-1
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1185262
Issue Tracking https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a...
Issue Tracking https://savannah.gnu.org/bugs/?44051
33
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 14/34 · Moderate