Mercurial Improper Input Validation vulnerability
High severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Sep 25, 2024
Description
Published by the National Vulnerability Database
Jul 6, 2018
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
May 1, 2024
Last updated
Sep 25, 2024
The
mpatch_decode
function inmpatch.c
in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.References