CVE-2018-13346: Mercurial Improper Input Validation vulnerability
(updated )
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
References
- access.redhat.com/errata/RHSA-2019:2276
- github.com/advisories/GHSA-9xv4-r2hf-26gh
- github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-88.yaml
- lists.debian.org/debian-lts-announce/2020/07/msg00032.html
- nvd.nist.gov/vuln/detail/CVE-2018-13346
- www.mercurial-scm.org/repo/hg/rev/faa924469635
- www.mercurial-scm.org/wiki/WhatsNew
Code Behaviors & Features
Detect and mitigate CVE-2018-13346 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →