Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2024-A7A3C8CCDD.NASL
HistoryFeb 17, 2024 - 12:00 a.m.

Fedora 38 : libgit2 (2024-a7a3c8ccdd)

2024-02-1700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
fedora 38
libgit2
vulnerabilities
patch
heap corruption
arbitrary code execution
denial of service
cve-2024-24577
cve-2024-24575
nessus

7.8 High

AI Score

Confidence

Low

JSON

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a7a3c8ccdd advisory.

  • libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_index_add can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the has_dir_name function in src/libgit2/index.c, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2. (CVE-2024-24577)

  • libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_revparse_single can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in src/libgit2/revparse.c uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2. (CVE-2024-24575)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2024-a7a3c8ccdd
#

include('compat.inc');

if (description)
{
  script_id(190641);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/17");

  script_cve_id("CVE-2024-24575", "CVE-2024-24577");
  script_xref(name:"FEDORA", value:"2024-a7a3c8ccdd");

  script_name(english:"Fedora 38 : libgit2 (2024-a7a3c8ccdd)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2024-a7a3c8ccdd advisory.

  - libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid
    API, allowing to build Git functionality into your application. Using well-crafted inputs to
    `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is
    an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be
    freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to
    controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary
    code execution. This issue has been patched in version 1.6.5 and 1.7.2. (CVE-2024-24577)

  - libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid
    API, allowing to build Git functionality into your application. Using well-crafted inputs to
    `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of
    Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop
    to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to
    force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the
    extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not
    affected. Users should upgrade to version 1.6.5 or 1.7.2. (CVE-2024-24575)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-a7a3c8ccdd");
  script_set_attribute(attribute:"solution", value:
"Update the affected libgit2 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-24577");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:38");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libgit2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^38([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 38', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'libgit2-1.6.5-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libgit2');
}
VendorProductVersionCPE
fedoraprojectfedora38cpe:/o:fedoraproject:fedora:38
fedoraprojectfedoralibgit2p-cpe:/a:fedoraproject:fedora:libgit2

Related

nessus 12
openvas 39
amazon 1
fedora 35
redos 1
debian 2
osv 6
ubuntu 1
wolfi 2
prion 2
ubuntucve 3
alpinelinux 2
cgr 2
cve 2
debiancve 2
cbl_mariner 2
redhatcve 2
veracode 2
freebsd 1
mageia 1
nessus
nessus
Fedora 39 : libgit2_1.6 (2024-605004a28e)
2024-02-17 00:00:00
Amazon Linux 2 : rust (ALAS-2024-2496)
2024-03-18 00:00:00
Debian dsa-5619 : libgit2-1.1 - security update
2024-02-10 00:00:00
openvas
openvas
Fedora: Security Advisory for rust-silver (FEDORA-2024-993d3a78dd)
2024-02-23 00:00:00
Fedora: Security Advisory for rust-pretty-git-prompt (FEDORA-2024-8ba389815f)
2024-02-20 00:00:00
Fedora: Security Advisory for rust-libgit2-sys (FEDORA-2024-993d3a78dd)
2024-02-23 00:00:00
amazon
amazon
Important: rust
2024-03-13 20:26:00
fedora
fedora
[SECURITY] Fedora 39 Update: rust-shadow-rs-0.8.1-8.fc39
2024-02-20 01:40:35
[SECURITY] Fedora 39 Update: rust-pretty-git-prompt-0.2.1-20.fc39
2024-02-20 01:40:34
[SECURITY] Fedora 38 Update: rust-git2-0.18.2-1.fc38
2024-02-22 02:43:26
redos
redos
ROS-20240410-13
2024-04-10 00:00:00
debian
debian
[SECURITY] [DSA 5619-1] libgit2 security update
2024-02-09 19:16:16
[SECURITY] [DLA 3742-1] libgit2 security update
2024-02-27 09:21:27
osv
osv
Memory corruption, denial of service, and arbitrary code execution in libgit2
2024-02-06 12:00:00
CVE-2024-24575
2024-02-06 22:16:15
libgit2 vulnerabilities
2024-03-05 18:46:35
ubuntu
ubuntu
libgit2 vulnerabilities
2024-03-05 00:00:00
wolfi
wolfi
CVE-2024-24575 vulnerabilities
2024-05-13 09:06:53
CVE-2024-24577 vulnerabilities
2024-05-13 09:06:53
prion
prion
Improper access control
2024-02-06 22:16:00
Heap overflow
2024-02-06 22:16:00
ubuntucve
ubuntucve
CVE-2024-24575
2024-02-06 00:00:00
CVE-2024-24577
2024-02-06 00:00:00
CVE-2024-25817
2024-03-06 00:00:00
alpinelinux
alpinelinux
CVE-2024-24577
2024-02-06 22:16:15
CVE-2024-24575
2024-02-06 22:16:15
cgr
cgr
CVE-2024-24575 vulnerabilities
2024-05-13 09:06:52
CVE-2024-24577 vulnerabilities
2024-05-13 09:06:52
cve
cve
CVE-2024-24577
2024-02-06 22:16:15
CVE-2024-24575
2024-02-06 22:16:15
debiancve
debiancve
CVE-2024-24577
2024-02-06 22:16:15
CVE-2024-24575
2024-02-06 22:16:15
cbl_mariner
cbl_mariner
CVE-2024-24577 affecting package libgit2 for versions less than 1.6.5-1
2024-02-28 17:38:28
CVE-2024-24575 affecting package libgit2 for versions less than 1.6.5-1
2024-02-28 17:38:28
redhatcve
redhatcve
CVE-2024-24575
2024-02-07 00:29:30
CVE-2024-24577
2024-02-07 01:02:03
veracode
veracode
Denial Of Service( DoS)
2024-02-07 08:07:20
Heap Buffer Overflow
2024-02-07 07:11:54
freebsd
freebsd
Libgit2 -- multiple vulnerabilities
2024-02-06 00:00:00
mageia
mageia
Updated libgit2 packages fix security vulnerabilities
2024-03-14 20:25:59

7.8 High

AI Score

Confidence

Low

JSON
Related for FEDORA_2024-A7A3C8CCDD.NASL
nessus12openvas39amazon1fedora35redos1debian2osv6ubuntu1wolfi2prion2ubuntucve3alpinelinux2cgr2cve2debiancve2cbl_mariner2redhatcve2veracode2freebsd1mageia1