mercurial is vulnerable to buffer overflows. The application does not properly parse the patch binaries, allowing a malicious user to pass a patch file to the application to cause a buffer overflow, crashing the application or causing arbitrary code to be executed.
CPE | Name | Operator | Version |
---|---|---|---|
mercurial | le | 4.6 | |
mercurial:stretch | eq | 4.0-1+deb9u1 |