{"id":"CVE-2018-13347","details":"mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.","aliases":["GHSA-3mjj-mr4f-qxmx","PYSEC-2018-89"],"modified":"2026-04-16T06:17:55.395234921Z","published":"2018-07-06T00:29:00.297Z","related":["SUSE-SU-2018:1990-1","SUSE-SU-2018:1996-1","SUSE-SU-2018:1998-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2276"},{"type":"ADVISORY","url":"https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29"},{"type":"FIX","url":"https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A"},{"type":"FIX","url":"https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.6.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-13347.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}