7.5

CVSS Score

3.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-6952

CVE-2018-6952: A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2018-6952

CVE-2018-6952:

7.5

CVSS Score

3.0

-

CVSS Score

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The primary evidence comes from the bug report on Savannah (bug #53133) for GNU patch. The report includes a stack trace from AddressSanitizer that pinpoints the double free to the function 'another_hunk' in 'src/pch.c'. The vulnerability description also explicitly names 'another_hunk' as the location of the double free. Although a commit ID for the fix (9c986353e4) is mentioned, attempts to fetch the commit details failed. Therefore, the analysis relies on the textual information and stack trace provided in the bug report. The function 'main' is also in the stack trace as a caller of 'another_hunk', but the vulnerability itself (the double free operation) is located within 'another_hunk'.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2018-6952: A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

CVE-2018-6952:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2018-6952: A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

7.5

7.5

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI