CVE-2018-13347: Mercurial mishandles integer addition and subtraction
(updated )
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
References
- access.redhat.com/errata/RHSA-2019:2276
- github.com/advisories/GHSA-3mjj-mr4f-qxmx
- github.com/pypa/advisory-database/tree/main/vulns/mercurial/PYSEC-2018-89.yaml
- lists.debian.org/debian-lts-announce/2020/07/msg00032.html
- nvd.nist.gov/vuln/detail/CVE-2018-13347
- www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
- www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
- www.mercurial-scm.org/wiki/WhatsNew
Detect and mitigate CVE-2018-13347 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →