suse · CVE-2018-13348

Quick triage

Priority: medium Published: 2021-05-30 14:14:54 UTC Updated: 2026-04-17 15:22:15 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-13348 severity moderate: SUSE including 14 source package names (mercurial-2.3.2-0.18.9.1, mercurial-2.8.2-15.13.1, …), 22 product×package rows across 18 product lines (SUSE Linux Enterprise Module for Basesystem 15 SP4, SUSE Linux Enterprise Module for Basesystem 15 SP5, … (18 product lines)): Fixed 22.

Description:

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

cvelogic Threat Intelligence