CVE-2015-1416

Name: CVE-2015-1416
Creator: NVD / NIST
Published: 2018-02-05T16:29:00.223+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.54%

Last modified Jun 17, 2026

CVE-2015-1416 is a vulnerability of currently unknown severity. Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.. EPSS estimates a 3.54% chance of exploitation in the next 30 days.

Description

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.

Metrics

EPSS Probability

3.54%

87.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Freebsd	Freebsd	10.0
Freebsd	Freebsd	10.1
Freebsd	Freebsd	10.2

References

http://www.openwall.com/lists/oss-security/2015/07/30/9Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/08/01/4Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/08/02/1Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/08/02/6Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/76116Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1033110Third Party Advisory, VDB Entry
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.ascVendor Advisory
http://www.openwall.com/lists/oss-security/2015/07/30/9Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/08/01/4Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/08/02/1Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/08/02/6Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/76116Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1033110Third Party Advisory, VDB Entry
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.ascVendor Advisory

Timeline

Published: Feb 5, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-1416?

How severe is CVE-2015-1416?

Severity scoring for CVE-2015-1416 is pending analysis. The EPSS model estimates a 3.54% probability of exploitation in the next 30 days.

How do I fix CVE-2015-1416?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-1416?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST