patch is vulnerable to arbitrary code execution. GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files: the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed by the patch utility.
CPE

Name | Operator | Version |
---|---|---|
patch | eq | 2.6__6.el6 |