Buffer Overread Vulnerability in Mercurial's mpatch_decode Function

Buffer Overread Vulnerability in Mercurial's mpatch_decode Function

CVE-2018-13348 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

Learn more about our Web Application Penetration Testing UK.