556 matches found
abacuz (=0.1.1), almel (>=1.2.0 <=1.3.0) +531 more potentially affected by CVE-2023-22742 via libgit2-sys (>=0.10.0 <=0.13.2+1.4.2)
libgit2-sys CARGO version =0.10.0, =1.2.0, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2023-22742 Source advisory: OSV:GHSA-M4CH-RFV5-X5G3...
GHSA-M4CH-RFV5-X5G3 git2-rs fails to verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned CVE-2023-22742 to...
git2-rs fails to verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned CVE-2023-22742 to...
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742 vulnerabilities
Vulnerabilities for packages: libgit2-1.5...
DEBIAN-CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
AZL-13175 CVE-2023-22742 affecting package rust for versions less than 1.68.0-1
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
Design/Logic Flaw
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
UBUNTU-CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742 libgit2 fails to verify SSH keys by default
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742
CVE-2023-22742 affects libgit2 when using SSH with the optional libssh2 backend. The issue is that certificate checking is not performed by default unless a certificate_check callback is explicitly configured in git_remote_callbacks, enabling potential MITM if server SSH keys are not validated. T...
CVE-2023-22742 libgit2 fails to verify SSH keys by default
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742 libgit2 fails to verify SSH keys by default
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
RUSTSEC-2023-0003 git2 does not verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned...
abacuz (=0.1.1), almel (>=1.2.0 <=1.3.0) +531 more potentially affected by CVE-2023-22742 via libgit2-sys (>=0.10.0 <=0.13.2+1.4.2)
libgit2-sys CARGO version =0.10.0, =1.2.0, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2023-22742 Source advisory: OSV:RUSTSEC-2023-0003...
git2 does not verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned...
libgit2 数据伪造问题漏洞
libgit2 is a portable, C implementation of the Git core development package. A data forgery issue vulnerability exists in libgit2 that stems from the fact that libgit2 does not perform certificate checking by default...