CVE-2026-56288

NameCVE-2026-56288
DescriptionGNU patch is vulnerable to a NULL pointer dereference when processing ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
patch (PTS)bookworm, bullseye2.7.6-7vulnerable
forky, sid, trixie2.8-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
patchsource(unstable)(unfixed)unimportant

Notes

https://cert.pl/en/posts/2026/07/CVE-2026-56288/
https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=e6d6a4e021660679d7fc9150f981d4920f722313
Crash in CLI tool, no security impact

Search for package or bug name: Reporting problems