libgit2 Double Release Vulnerability

libgit2 is a portable, pure C implementation of the Git core development kit , you can use it to write custom Git applications . A double release vulnerability exists in versions of libgit2 prior to 0.26.2. The vulnerability arises because the index.c:readentry function fails to return the correc...

CVE-2018-8098

Integer overflow in the index.c:readentry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service out-of-bounds read via a crafted repository index file...

Libgit2 Integer Overflow Vulnerability

libgit2 is a portable, pure C implementation of the Git core development kit , you can use it to write custom Git applications . An integer overflow vulnerability exists in the index.c:readentry function in versions of libgit2 prior to 0.26.2 when decompressing the length of a compressed prefix. ...

CVE-2018-8099

Incorrect returning of an error code in the index.c:readentry function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file...

CVE-2018-8098

Integer overflow in the index.c:readentry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service out-of-bounds read via a crafted repository index file...

CVE-2018-8098

CVE-2018-8098 affects the libgit2 library: integer overflow in index.c:read_entry() during decompressing a compressed prefix length can cause a denial of service via an out-of-bounds read when processing a crafted repository index file. Affected versions are libgit2 before 0.26.2. Remediation: up...

CVE-2018-8099

CVE-2018-8099 affects the libgit2 library. The issue comes from an incorrect error code return in index.c:read_entry(), which can cause a double free and thus a denial of service when processing a crafted repository index file. The vulnerability is present in libgit2 releases before v0.26.2; mult...

MGASA-2017-0319 Updated libgit2 packages fix security vulnerabilities

Read out-of-bounds in gitoidnfmt CVE-2016-8568. DoS using a null pointer dereference in gitcommitmessage CVE-2016-8569. Insufficient sanitization allows some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer CVE-2016-10128, CVE-2016-10129...

Updated libgit2 packages fix security vulnerabilities

Read out-of-bounds in gitoidnfmt CVE-2016-8568. DoS using a null pointer dereference in gitcommitmessage CVE-2016-8569. Insufficient sanitization allows some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer CVE-2016-10128, CVE-2016-10129...

Denial Of Service (DoS) Via Buffer Overflow

libgit2 is vulnerable to denial of service DoS attacks and possibly other attacks. These attacks are possible through a bugger overflow in the gitpktparseline function. This overflow can be triggered using a non-flush packet...

Denial Of Service (DoS) Via NULL Pointer Dereference

libgit2 is vulnerable to denial of service DoS attacks. A malicious user can pass an empty packet line to the git smart protocol to cause a null pointer dereference that crashes the application...

CVE-2016-10130

The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...

Hardcoded credentials

The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...

ALPINE-CVE-2016-10129

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service NULL pointer dereference via an empty packet line...

CVE-2016-10130

The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...

DEBIAN-CVE-2016-10130

The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...

CVE-2016-10128

Buffer overflow in the gitpktparseline function in transports/smartpkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet...

ALPINE-CVE-2016-10130

The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...

Null pointer dereference

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service NULL pointer dereference via an empty packet line...

UBUNTU-CVE-2016-10129

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service NULL pointer dereference via an empty packet line...