<p>There is no fixed version for <code>Debian:9</code> <code>mercurial</code>.</p>

Out-of-bounds Read Affecting mercurial package, versions *

Threat Intelligence

0.24% (65^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN9-MERCURIAL-311048
published 4 Oct 2018
disclosed 4 Oct 2018

Report a new vulnerability Found a mistake?

Introduced: 4 Oct 2018

CVE-2018-17983 Open this link in a new tab CWE-125 Open this link in a new tab

How to fix?

There is no fixed version for Debian:9 mercurial.

NVD Description

Note: Versions mentioned in the description apply only to the upstream mercurial package and not the mercurial package as distributed by Debian. See How to fix? for Debian:9 relevant fixed versions and status.

cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.

References

https://security-tracker.debian.org/tracker/CVE-2018-17983
https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29
http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-17983