CVE-2026-56288: CWE-476 NULL Pointer Dereference in GNU patch
GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service. This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313
AI Analysis
Technical Summary
CVE-2026-56288 is a NULL pointer dereference vulnerability in GNU patch triggered by maliciously crafted unified-diff patch files. The vulnerability arises from improper handling of consecutive end-of-file newline markers, corrupting internal hunk data structures and causing a NULL pointer to be passed to fwrite() during patch processing. This leads to a crash and denial of service. The issue has been addressed and fixed in commit e6d6a4e021660679d7fc9150f981d4920f722313.
Potential Impact
An attacker can cause the GNU patch utility to crash by supplying a specially crafted patch file, resulting in denial of service. There is no indication of code execution or data corruption beyond the crash. No known exploits are reported in the wild.
Mitigation Recommendations
A fix for this vulnerability is available and has been committed (commit e6d6a4e021660679d7fc9150f981d4920f722313). Users should update GNU patch to the fixed version containing this commit. Patch status is not explicitly confirmed in the advisory; therefore, verify the vendor advisory or source repository for the fixed version and apply the update accordingly.
CVE-2026-56288: CWE-476 NULL Pointer Dereference in GNU patch
Description
GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk (single block of changes in diff) data structures, causing the application to pass a NULL pointer to fwrite() during patch processing. An attacker can trigger this condition with a malicious patch file, causing the utility to crash and resulting in a denial of service. This issue has been fixed in the commit e6d6a4e021660679d7fc9150f981d4920f722313
CVSS v4.0
Score 4.6medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-56288 is a NULL pointer dereference vulnerability in GNU patch triggered by maliciously crafted unified-diff patch files. The vulnerability arises from improper handling of consecutive end-of-file newline markers, corrupting internal hunk data structures and causing a NULL pointer to be passed to fwrite() during patch processing. This leads to a crash and denial of service. The issue has been addressed and fixed in commit e6d6a4e021660679d7fc9150f981d4920f722313.
Potential Impact
An attacker can cause the GNU patch utility to crash by supplying a specially crafted patch file, resulting in denial of service. There is no indication of code execution or data corruption beyond the crash. No known exploits are reported in the wild.
Mitigation Recommendations
A fix for this vulnerability is available and has been committed (commit e6d6a4e021660679d7fc9150f981d4920f722313). Users should update GNU patch to the fixed version containing this commit. Patch status is not explicitly confirmed in the advisory; therefore, verify the vendor advisory or source repository for the fixed version and apply the update accordingly.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERT-PL
- Date Reserved
- 2026-06-20T10:58:09.261Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4f797f68715ace432894f4
Added to database: 07/09/2026, 10:35:43 UTC
Last enriched: 07/09/2026, 10:48:59 UTC
Last updated: 07/10/2026, 03:36:19 UTC
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.