) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mercurial:mercurial:4.5.3:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-3902 |
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. Published: April 22, 2019; 12:29:01 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2018-17983 |
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. Published: October 04, 2018; 7:29:00 PM -0400 |
V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
| CVE-2018-13348 |
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. Published: July 05, 2018; 8:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2018-13347 |
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. Published: July 05, 2018; 8:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-13346 |
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. Published: July 05, 2018; 8:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |