CVE-2018-6951: An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated...

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.95651%
Published: 5/14/2022
Updated: 2/2/2023
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Intelligence
Root Cause Analysis

The vulnerability description directly points to the `intuit_diff_type` function in `pch.c` as the location of the NULL pointer dereference. The commit diff changes this function to address the issue: the patch adds a check for `p_name[reverse]` before it is used. That check was previously missing, so a NULL `p_name[reverse]` during a rename or copy operation could be dereferenced. This aligns with the 'mangled rename' issue mentioned in the description.

Based on the fetched content of the commit URL, the vulnerable function is `intuit_diff_type` in the file `src/pch.c`. The patch modifies a conditional statement within this function. The original condition was `p_name[! reverse] && name_is_valid (p_name[! reverse])`. The fix adds a check for `p_name[reverse]`: `p_name[reverse] && p_name[! reverse] && name_is_valid (p_name[reverse]) && name_is_valid (p_name[! reverse])`. This change indicates that `p_name[reverse]` could have been NULL when accessed, leading to the NULL pointer dereference. The vulnerability description also explicitly names this function and the nature of the flaw (the 'mangled rename' issue).
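
The two conditions quoted above, modelled in C as an added example (this is not GNU patch's source). `name_is_valid` is a simplified stand-in, `names_ok_before`, `names_ok_after` and `accepts_missing_name` are hypothetical helpers, and the `p_name` arrays are constructed inputs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in (assumption): the real name_is_valid() applies more
   rules. Like any string check, it must never be handed a NULL name. */
static bool name_is_valid(const char *name)
{
    return name[0] != '\0' && name[0] != '/';
}

/* Condition before the fix, as quoted above: only p_name[!reverse] is tested. */
static bool names_ok_before(const char *p_name[2], bool reverse)
{
    return p_name[!reverse] && name_is_valid(p_name[!reverse]);
}

/* Condition after the fix: both names must be present and valid. */
static bool names_ok_after(const char *p_name[2], bool reverse)
{
    return p_name[reverse] && p_name[!reverse]
        && name_is_valid(p_name[reverse])
        && name_is_valid(p_name[!reverse]);
}

/* True when a check accepts a header whose p_name[reverse] is NULL, i.e. the
   state in which later use of that name would dereference NULL. */
static bool accepts_missing_name(bool (*check)(const char *[2], bool),
                                 const char *p_name[2], bool reverse)
{
    return check(p_name, reverse) && p_name[reverse] == NULL;
}

int main(void)
{
    /* Constructed inputs: a rename header that supplied only one file name. */
    const char *mangled[2] = { NULL, "new.txt" };
    const char *complete[2] = { "old.txt", "new.txt" };

    printf("before, mangled:  %d\n", accepts_missing_name(names_ok_before, mangled, false));
    printf("after,  mangled:  %d\n", accepts_missing_name(names_ok_after, mangled, false));
    printf("after,  complete: %d\n", names_ok_after(complete, false));
    return 0;
}
```

The pre-fix condition accepts the one-name header because it never looks at `p_name[reverse]`; the post-fix condition rejects it before any later code can use the missing name.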
