CVE-2010-4651

Description

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.

How to fix CVE-2010-4651

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/patch—no fix listed

Is CVE-2010-4651 being exploited?

Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-4651