libgit2/objects_fuzzer: Heap-buffer-overflow in prefixcmp

Project: https://github.com/libgit2/libgit2.git Detailed report: https://oss-fuzz.com/testcase?key=5740236580061184 Project: libgit2 Fuzzer: libFuzzerlibgit2objectsfuzzer Fuzz target binary: objectsfuzzer Job Type: libfuzzerasanlibgit2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1...

libgit2/objects_fuzzer: Heap-buffer-overflow in git_buf_vprintf

Project: https://github.com/libgit2/libgit2.git Detailed report: https://oss-fuzz.com/testcase?key=5727770101940224 Project: libgit2 Fuzzer: libFuzzerlibgit2objectsfuzzer Fuzz target binary: objectsfuzzer Job Type: libfuzzerasanlibgit2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 13...

libgit2/objects_fuzzer: Heap-buffer-overflow in tag_parse

Project: https://github.com/libgit2/libgit2.git Detailed report: https://oss-fuzz.com/testcase?key=5631127230873600 Project: libgit2 Fuzzer: libFuzzerlibgit2objectsfuzzer Fuzz target binary: objectsfuzzer Job Type: libfuzzerasanlibgit2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 2...

FreeBSD : Libgit2 -- multiple vulnerabilities (8c08ab4c-d06c-11e8-b35c-001b217b3468)

The Git community reports : Multiple vulnerabilities. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2019 Jacques Vidrine and contributors Redistribution and use in source VuXML and 'compiled'...

Fedora 27 : libgit2 (2018-7d993184f6)

Update to 0.26.7 CVE-2018-17456 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...

Fedora Update for libgit2 FEDORA-2018-7d993184f6

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 27 Update: libgit2-0.26.7-1.fc27

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

[SECURITY] Fedora 29 Update: libgit2-0.27.5-1.fc29

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

openSUSE Security Update : libgit2 (openSUSE-2018-922)

This update for libgit2 to version 0.26.5 fixes the following issues : The following security vulnerabilities were addressed : - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to caus...

[SECURITY] [DLA 1477-1] libgit2 security update

Package : libgit2 Version : 0.21.1-3+deb8u1 CVE ID : CVE-2018-10887 CVE-2018-10888 CVE-2018-15501 CVE-2018-15501 A potential out-of-bounds read when processing a "ng" smart packet might lead to a Denial of Service. CVE-2018-10887 A flaw has been discovered that may lead to an integer overflow whi...

Security update for libgit2 (important)

This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause...

Debian: Security Advisory (DLA-1477-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-1477-1 libgit2 - security update

Bulletin has no description...

SUSE-SU-2018:2469-1 Security update for libgit2

This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause...

Fedora 27 : libgit2 (2018-ca483ae3e0)

This is a security release fixing out-of-bounds reads when processing smart-protocol 'ng' packets. When parsing an 'ng' packet, we keep track of both the current position as well as the remaining length of the packet itself. But instead of taking care not to exceed the length, we pass the current...

Fedora Update for libgit2 FEDORA-2018-ca483ae3e0

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...

DEBIAN-CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...

CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...

ALPINE-CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...