Vulnerability Description
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mercurial | Mercurial | < 4.6.1 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:2276
- https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
- https://www.mercurial-scm.org/repo/hg/rev/faa924469635PatchThird Party Advisory
- https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2276
- https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
- https://www.mercurial-scm.org/repo/hg/rev/faa924469635PatchThird Party Advisory
- https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29Third Party Advisory
FAQ
What is CVE-2018-13346?
CVE-2018-13346 is a vulnerability with a CVSS score of 7.5 (HIGH). The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
How severe is CVE-2018-13346?
CVE-2018-13346 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-13346?
Check the references section above for vendor advisories and patch information. Affected products include: Mercurial Mercurial.