View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-13348 severity moderate: SUSE including 14 source package names (mercurial-2.3.2-0.18.9.1, mercurial-2.8.2-15.13.1, …), 22 product×package rows across 18 product lines (SUSE Linux Enterprise Module for Basesystem 15 SP4, SUSE Linux Enterprise Module for Basesystem 15 SP5, … (18 product lines)): Fixed 22.
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.