CVE-2018-13346 Information

Description

The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data aka OVE-20180430-0004.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://access.redhat.com/errata/RHSA-2019:2276 https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html https://www.mercurial-scm.org/repo/hg/rev/faa924469635 https://www.mercurial-scm.org/wiki/WhatsNewMercurial_4.6.1_.282018-06-06.29

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5