CVE-2018-13348: Input Validation

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2018-13348.

Q: What is the severity of CVE-2018-13348?

The severity of CVE-2018-13348 is high with a CVSS score of 7.5.

Q: What software is affected by CVE-2018-13348?

Mercurial versions up to and excluding 4.6.1 are affected by CVE-2018-13348.

Q: How does the vulnerability in CVE-2018-13348 manifest?

The vulnerability in CVE-2018-13348 manifests in the mishandling of certain situations in the mpatch_decode function in Mercurial before 4.6.1.

Q: Is there a fix available for CVE-2018-13348?

Yes, the fix for CVE-2018-13348 is included in Mercurial version 4.6.1 and later.

Published Jul 6, 2018

Updated

The mpatchdecode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

Other sources

Affected Software

2 affected componentsFixes available

pip/mercurial<4.6.1

4.6.1

Mercurial Mercurial<4.6.1

Remediation

Patch Available

https://www.mercurial-scm.org/repo/hg/rev/90a274965de7

Event History

Jul 6, 2018

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

May 13, 2022

Advisory Published

via GitHub·01:24 AM

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2018-13348.

What is the severity of CVE-2018-13348?

The severity of CVE-2018-13348 is high with a CVSS score of 7.5.

What software is affected by CVE-2018-13348?