Search for packages
| purl | pkg:rpm/redhat/mercurial@2.6.2-10?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1kmd-1kun-qbdd
Aliases: CVE-2018-13346 GHSA-9xv4-r2hf-26gh PYSEC-2018-88 |
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | There are no reported fixed by versions. |
|
VCID-bahp-n5dx-2qeg
Aliases: CVE-2018-1000132 GHSA-4mr4-7vjv-9hm6 PYSEC-2018-87 |
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. | There are no reported fixed by versions. |
|
VCID-hhwu-knps-qqfw
Aliases: CVE-2018-13347 GHSA-3mjj-mr4f-qxmx PYSEC-2018-89 |
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:25:49.497530+00:00 | RedHat Importer | Affected by | VCID-bahp-n5dx-2qeg | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000132.json | 38.0.0 |
| 2026-04-01T14:24:30.082138+00:00 | RedHat Importer | Affected by | VCID-1kmd-1kun-qbdd | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13346.json | 38.0.0 |
| 2026-04-01T14:24:30.057262+00:00 | RedHat Importer | Affected by | VCID-hhwu-knps-qqfw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13347.json | 38.0.0 |