{"id":"AZL-35101","summary":"CVE-2018-1000156 affecting package patch for versions less than 2.7.6-9","details":"GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.","modified":"2026-04-21T04:27:49.112307Z","published":"2018-04-06T13:29:00Z","upstream":["CVE-2018-1000156"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000156"}],"affected":[{"package":{"name":"patch","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/patch"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.6-9"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35101.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}