A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
Weakness
The product calls free() twice on the same memory address.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Patch | Gnu | * | 2.7.6 (including) |
| Red Hat Enterprise Linux 7 | RedHat | patch-0:2.7.1-11.el7 | * |
| Patch | Ubuntu | artful | * |
| Patch | Ubuntu | bionic | * |
| Patch | Ubuntu | cosmic | * |
| Patch | Ubuntu | disco | * |
| Patch | Ubuntu | eoan | * |
| Patch | Ubuntu | focal | * |
| Patch | Ubuntu | groovy | * |
| Patch | Ubuntu | hirsute | * |
| Patch | Ubuntu | impish | * |
| Patch | Ubuntu | kinetic | * |
| Patch | Ubuntu | lunar | * |
| Patch | Ubuntu | mantic | * |
| Patch | Ubuntu | oracular | * |
| Patch | Ubuntu | plucky | * |
| Patch | Ubuntu | precise/esm | * |
| Patch | Ubuntu | trusty | * |
| Patch | Ubuntu | trusty/esm | * |
| Patch | Ubuntu | xenial | * |
Potential Mitigations
References
- http://www.securityfocus.com/bid/103047
- https://access.redhat.com/errata/RHSA-2019:2033
- https://savannah.gnu.org/bugs/index.php?53133
- https://security.gentoo.org/glsa/201904-17
- http://www.securityfocus.com/bid/103047
- https://access.redhat.com/errata/RHSA-2019:2033
- https://savannah.gnu.org/bugs/index.php?53133
- https://security.gentoo.org/glsa/201904-17