The security patch modifies the input validation of `mpatch_decode` in `mpatch.c`. The critical change replaces the check `pos < len` with `pos < (len - 11)`, which ensures that 12 bytes remain for safe parsing. This directly addresses the improper input validation described in CVE-2018-13348, where insufficient buffer length checks could lead to exploitation. The function name and file path match across all vulnerability descriptions and patch evidence.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mercurial | pip | < 4.6.1 | 4.6.1 |
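
The effect of the check described above, as an added example that is not Mercurial's own code: it compares `pos < len` with `pos < (len - 11)` on a truncated buffer and walks records with the patched check. The record layout (three big-endian 32-bit fields followed by data) and the names `count_records`, `guard_old`, `guard_new` and `header_overread` are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define HDR_LEN 12 /* header bytes consumed per record, per the advisory */

/* Read one big-endian 32-bit field. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The check before and after the patch. len is signed, so for short
 * inputs (len - 11) is negative and the patched check fails closed. */
int guard_old(long pos, long len) { return pos < len; }
int guard_new(long pos, long len) { return pos < (len - 11); }

/* Header bytes that lie past the end of the buffer if a header is read at pos. */
long header_overread(long pos, long len)
{
    long over = pos + HDR_LEN - len;
    return over > 0 ? over : 0;
}

/* Walk the records using the patched check; return the count, or -1 if malformed. */
long count_records(const unsigned char *bin, long len)
{
    long pos = 0, n = 0;
    while (guard_new(pos, len)) {
        uint32_t start = be32(bin + pos);
        uint32_t end = be32(bin + pos + 4);
        uint32_t dlen = be32(bin + pos + 8);
        pos += HDR_LEN;
        /* Extra sanity checks assumed for this example. */
        if (start > end || (unsigned long)dlen > (unsigned long)(len - pos))
            return -1;
        pos += (long)dlen;
        n++;
    }
    return pos == len ? n : -1; /* trailing bytes mean a truncated record */
}

int main(void)
{
    /* Constructed input: the first 5 bytes of a record header. */
    const unsigned char cut[5] = {0, 0, 0, 0, 0};
    printf("old=%d new=%d overread=%ld result=%ld\n", guard_old(0, 5),
           guard_new(0, 5), header_overread(0, 5), count_records(cut, 5));
    return 0;
}
```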