A vulnerability in the manifest-parsing C code of Mercurial could allow a local attacker to cause an out-of-bounds read condition on a targeted system.
The vulnerability exists in the cext/manifest.c file of the affected software and is due to improper parsing of manifest entries. An attacker could exploit this vulnerability by sending a manifest entry that submits malicious input to the targeted system. An exploit could trigger an out-of-bounds read condition that the attacker could use to access sensitive information or cause a denial of service (DoS) condition.
Mercurial has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium