CVE-2019-20633

NameCVE-2019-20633
DescriptionGNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
patch (PTS)bookworm, bullseye2.7.6-7fixed
forky, sid, trixie2.8-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
patchsource(unstable)(not affected)

Notes

- patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
https://savannah.gnu.org/bugs/index.php?56683
Search for package or bug name: Reporting problems