CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mercurial | pip | < 4.6.1 | 4.6.1 |

The vulnerability description explicitly identifies `mpatch_apply` in `mpatch.c` as the vulnerable function. The Mercurial commit faa924469635 shows the fix added a `f->start > len` check to the validation logic, confirming the missing bounds check was the root cause. The CVE, GHSA, and Red Hat advisory all corroborate this function as the vulnerability location.
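
A simplified sketch of the kind of fragment validation described above, added here as an illustration. It is not Mercurial's `mpatch.c` code; `struct frag`, `apply_frags` and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fragment: replace orig[start, end) with data[0, len). */
struct frag {
    int start, end, len;
    const char *data;
};

/* Apply n fragments to orig (len bytes), writing into out (cap bytes).
 * Returns the number of bytes written, or -1 if the patch is invalid. */
int apply_frags(const char *orig, int len, const struct frag *f, int n,
                char *out, int cap)
{
    int last = 0, used = 0;   /* last: end of the previous fragment in orig */

    for (int i = 0; i < n; i++, f++) {
        /* The first memcpy below reads orig[last, start), so start must
         * not exceed len; that is the bound named in the text above.
         * Checking only start >= last and end <= len would let a fragment
         * with start > len through. end >= start and len >= 0 are extra
         * requirements of this sketch. */
        if (f->start < last || f->start > len ||
            f->end < f->start || f->end > len || f->len < 0)
            return -1;
        int keep = f->start - last;
        if (keep > cap - used || f->len > cap - used - keep)
            return -1;                     /* output buffer too small */
        memcpy(out + used, orig + last, keep);
        used += keep;
        memcpy(out + used, f->data, f->len);
        used += f->len;
        last = f->end;
    }
    if (len - last > cap - used)
        return -1;
    memcpy(out + used, orig + last, len - last);   /* unchanged tail */
    return used + (len - last);
}

int main(void)
{
    char out[16];
    struct frag bad = {9, 3, 0, ""};   /* constructed: start beyond a 5-byte input */
    printf("start > len -> %d\n", apply_frags("abcde", 5, &bad, 1, out, 16));
    return 0;
}
```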