
556 matches found

Positive Technologies
added 2023/01/20 12:0 a.m. · 2 views

PT-2023-1296 · Libssh2 +6

Name of the Vulnerable Software and Affected Versions: libgit2 versions prior to 1.4.5; libgit2 versions prior to 1.5.1. Description: The issue is related to the lack of certificate checking by default when using an SSH remote with the optional libssh2 backend in libgit2. This means that clients wi...

10 CVSS · 9.4 AI score · 0.06011 EPSS
Exploits: 0 · References: 72
RustSec
added 2023/01/12 12:0 p.m. · 35 views

git2 Rust package suppresses ssh host key checking

By default, when accessing an ssh repository (i.e. via an ssh: git repository URL), the git2 Rust package does not do any host key checking. Additionally, the provided API is not sufficient for an application to do meaningful checking itself. Impact: When connecting to an ssh repository, and when an...

5.9 CVSS · 5.6 AI score · 0.00149 EPSS
Exploits: 0 · Affected Software: 1
OpenVAS
added 2022/10/05 12:0 a.m. · 22 views

SUSE: Security Advisory (SUSE-SU-2022:3495-1)

The remote host is missing an update for the...

9.3 CVSS · 8.7 AI score · 0.07303 EPSS
Exploits: 0 · References: 7
Tenable Nessus
added 2022/10/05 12:0 a.m. · 56 views

SUSE SLES15 Security Update : libgit2 (SUSE-SU-2022:3495-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3495-1 advisory. - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio...

9.3 CVSS · 8.3 AI score · 0.19687 EPSS
Exploits: 0 · References: 11
OpenVAS
added 2022/10/05 12:0 a.m. · 6 views

SUSE: Security Advisory (SUSE-SU-2022:3494-1)

The remote host is missing an update for the...

7.8 CVSS · 8.1 AI score · 0.00168 EPSS
Exploits: 0 · References: 5
OpenVAS
added 2022/10/05 12:0 a.m. · 19 views

openSUSE: Security Advisory for libgit2 (SUSE-SU-2022:3495-1)

The remote host is missing an update for the...

9.3 CVSS · 8.4 AI score · 0.07303 EPSS
Exploits: 0 · References: 2
OSV
added 2022/10/04 7:37 a.m. · 4 views

SUSE-SU-2022:3495-1 Security update for libgit2

This update for libgit2 fixes the following issues: - Fixed DoS by oob write in constructed commit object with a very large number of parents (bsc#1158981). - CVE-2019-1352: Fixed git on Windows being unaware of NTFS Alternate Data Streams (bnc#1158790). - CVE-2022-24765: Fixed potential command...

9.3 CVSS · 8.7 AI score · 0.07303 EPSS
Exploits: 0 · References: 8
OSV
added 2022/10/04 7:34 a.m. · 7 views

SUSE-SU-2022:3494-1 Security update for libgit2

This update for libgit2 fixes the following issues: - CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234). - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431)...

7.8 CVSS · 8.3 AI score · 0.00168 EPSS
Exploits: 0 · References: 5
BDU FSTEC
added 2022/09/28 12:0 a.m. · 2 views

The vulnerability in the checkout.c component of the Git method implementation in the Libgit2 C language allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the checkout.c component, which implements Git methods in the C language using Libgit2, is related to the use of a name with an incorrect reference. Exploiting this vulnerability allows an attacker who operates remotely to access confidential data, compromise its integrity, a...

10 CVSS · 0.05164 EPSS
Exploits: 0 · References: 10 · Affected Software: 3
BDU FSTEC
added 2022/09/28 12:0 a.m. · 2 views

The vulnerability of the path.c component in the Git method implementation in the Libgit2 C language allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the path.c component in the Git method implementation in the C language using Libgit2 involves the use of a name with an incorrect reference. Exploiting this vulnerability allows an attacker who operates remotely to access confidential data, compromise its integrity, and caus...

10 CVSS · 0.06011 EPSS
Exploits: 0 · References: 10 · Affected Software: 3
BDU FSTEC
added 2022/09/28 12:0 a.m. · 1 views

The vulnerability of the ng_pkt function in the transports/smart_pkt.c component of the Libgit2 C library methods allows an attacker to cause a service failure.

The vulnerability of the ng_pkt function in the transports/smart_pkt.c component of the Git methods implemented in the C language, Libgit2, relates to reading data from beyond the buffer’s acceptable limits. Exploiting this vulnerability allows a remote attacker to cause service failures...

7.8 CVSS · 0.02924 EPSS
Exploits: 1 · References: 9 · Affected Software: 2
BDU FSTEC
added 2022/09/23 12:0 a.m. · 0 views

The vulnerability of the `git_delta_apply` function in the `delta.c` component of the Git methods implementation in the C language, Libgit2, allows an attacker to trigger a service failure.

The vulnerability of the `git_delta_apply` function in the `delta.c` component of the Git methods implementation in the C language, part of Libgit2, relates to reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to trigger a service failure remotely...

7.1 CVSS · 0.0062 EPSS
Exploits: 0 · References: 8 · Affected Software: 2
Tenable Nessus
added 2022/09/17 12:0 a.m. · 19 views

SUSE SLED15 / SLES15 Security Update : libgit2 (SUSE-SU-2022:3283-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3283-1 advisory. - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users worki...

7.8 CVSS · 7.4 AI score · 0.00168 EPSS
Exploits: 0 · References: 7
OpenVAS
added 2022/09/16 12:0 a.m. · 12 views

openSUSE: Security Advisory for libgit2 (SUSE-SU-2022:3283-1)

The remote host is missing an update for the...

7.8 CVSS · 8.2 AI score · 0.00168 EPSS
Exploits: 0 · References: 2
OpenVAS
added 2022/09/16 12:0 a.m. · 28 views

SUSE: Security Advisory (SUSE-SU-2022:3283-1)

The remote host is missing an update for the...

7.8 CVSS · 8.2 AI score · 0.00168 EPSS
Exploits: 0 · References: 2
OSV
added 2022/09/15 1:33 p.m. · 5 views

SUSE-SU-2022:3283-1 Security update for libgit2

This update for libgit2 fixes the following issues: - CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234). - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431)...

7.8 CVSS · 8.3 AI score · 0.00168 EPSS
Exploits: 0 · References: 5
OpenVAS
added 2022/07/15 12:0 a.m. · 8 views

Fedora: Security Advisory for libgit2 (FEDORA-2022-dc3e8972a1)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 · References: 2
Fedora
added 2022/07/14 1:48 a.m. · 18 views

[SECURITY] Fedora 36 Update: libgit2-1.3.1-1.fc36

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

2.4 AI score
Exploits: 0
OSV
added 2022/05/17 7:57 p.m. · 28 views

GHSA-6VVC-C2M3-CJF3 JGit Improper Input Validation vulnerability

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine; libgit2; Egit; and JGit allow remote Git servers to execute arbitrary commands via a tree...

9.8 CVSS · 9.3 AI score · 0.77155 EPSS
Exploits: 5 · References: 13
Github Security Blog
added 2022/05/17 7:57 p.m. · 54 views

JGit Improper Input Validation vulnerability

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine; libgit2; Egit; and JGit allow remote Git servers to execute arbitrary commands via a tree...

9.8 CVSS · 9.1 AI score · 0.77155 EPSS
Exploits: 5 · References: 14 · Affected Software: 2