CVE-2015-1196 in GNU patch
Summary
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
Reservation
01/18/2015
Disclosure
01/21/2015
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 73739 | GNU patch link following | 59 | Not defined | Official fix | CVE-2015-1196 |
| 68629 | GNU Patch Temp File link following | 59 | High | Official fix | CVE-2015-1196 |