CVE-2018-13348
Description
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
References
Vendor Advisory
Vendor AdvisoryPatch
CvssV3 impact
BaseSeverity | HIGH |
ConfidentialityImpact | NONE |
AttackComplexity | LOW |
Scope | UNCHANGED |
AttackVector | NETWORK |
AvailabilityImpact | NONE |
IntegrityImpact | HIGH |
PrivilegesRequired | NONE |
BaseScore | 7.5 |
VectorString | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Version | 3.0 |
UserInteraction | NONE |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:L/Au:N/C:N/I:P/A:N |
AccessVector | NETWORK |
AccessComplexity | LOW |
Authentication | NONE |
ConfidentialityImpact | NONE |
IntegrityImpact | PARTIAL |
AvailabilityImpact | NONE |
BaseScore | 5 |