CVE-2018-20969

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
gnupatch
𝑥
≤ 2.7.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
patch
bookworm
2.7.6-7
fixed
bullseye
2.7.6-7
fixed
sid
2.7.6-7
fixed
trixie
2.7.6-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
patch
bionic
Fixed 2.7.6-2ubuntu1.1
released
disco
Fixed 2.7.6-3ubuntu0.1
released
trusty
Fixed 2.7.1-4ubuntu2.4+esm1
released
xenial
Fixed 2.7.5-1ubuntu0.16.04.2
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
patch
RHEL 7
0:2.7.1-12.el7_7
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
patch
Amazon Linux 1
0:2.7.1-12.14.amzn1
fixed
Amazon Linux 2
0:2.7.1-12.amzn2
fixed
patch-debuginfo
Amazon Linux 1
0:2.7.1-12.14.amzn1
fixed
Amazon Linux 2
0:2.7.1-12.amzn2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
patch
Azure Linux 3.0
0:2.7.6-9.azl3
fixed
CBL-Mariner 1.0
0:2.7.6-7.cm1
fixed
CBL-Mariner 2.0
0:2.7.6-7.cm2
fixed