CVE-2015-1196

Name: CVE-2015-1196
Creator: NVD / NIST
Published: 2015-01-21T18:59:57.217+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.10%

Last modified Jun 17, 2026

CVE-2015-1196 is a vulnerability of currently unknown severity. GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.. EPSS estimates a 6.10% chance of exploitation in the next 30 days.

Description

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

Metrics

EPSS Probability

6.10%

92.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-59

Affected Software

Vendor	Product	Versions
Opensuse	Opensuse	13.1
Opensuse	Opensuse	13.2
Oracle	Solaris	11.2
Gnu	Patch	2.7.1

References

http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3Patch
http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.htmlThird Party Advisory
http://seclists.org/oss-sec/2015/q1/173Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
http://www.securityfocus.com/bid/72074Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=1182154Issue Tracking, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/99967
http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3Patch
http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.htmlThird Party Advisory
http://seclists.org/oss-sec/2015/q1/173Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
http://www.securityfocus.com/bid/72074Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=1182154Issue Tracking, Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/99967

Timeline

Published: Jan 21, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-1196?

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

How severe is CVE-2015-1196?

Severity scoring for CVE-2015-1196 is pending analysis. The EPSS model estimates a 6.10% probability of exploitation in the next 30 days.

How do I fix CVE-2015-1196?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-1196?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST