Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta

Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relative path...

Malicious Package

Overview mender-binary-delta is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2025-35764

Malicious code in mender-binary-delta npm...

Malicious code in mender-binary-delta (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3acd5fd0dbb470fbbeb432988f6b61ba77541759f80b2ebd98150b3183ee8a2a Any computer that has this package installed or running should be considered...

MAL-2025-48568 Malicious code in mender-binary-delta (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3acd5fd0dbb470fbbeb432988f6b61ba77541759f80b2ebd98150b3183ee8a2a Any computer that has this package installed or running should be considered...

EUVD-2016-0017

Malware in sbrugna...

Arbitrary Code Execution

Mercurial is vulnerable to a Arbitrary Code Execution. The vulnerability is due to incorrect bound checks in the binary delta decoder which allows an attacker to execute arbitrary code via a clone, push, or pull command, related to either list sizing rounding error or short records...

SUSE CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

SUSE CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

EulerOS 2.0 SP3 : mercurial (EulerOS-SA-2022-1747)

According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository...

GHSA-9VJF-JJCQ-3GH7 Mercurial arbitrary code execution vulnerability

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

SUSE SLED15 / SLES15 Security Update : libgit2 (SUSE-SU-2018:2469-1)

This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed : - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause...

Debian DLA-1477-1 : libgit2 security update

CVE-2018-15501 A potential out-of-bounds read when processing a 'ng' smart packet might lead to a Denial of Service. CVE-2018-10887 A flaw has been discovered that may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. This might be...

Security update for libgit2 (important)

This update for libgit2 to version 0.26.5 fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10887: Fixed an integer overflow which in turn leads to an out of bound read, allowing to read the base object, which could be exploited by an attacker to cause...

DEBIAN-CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

ALPINE-CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

UBUNTU-CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

Amazon Linux AMI : mercurial (ALAS-2016-697)

It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. CVE-2016-3068 The binary delta decoder in Mercurial before 3.7.3 allows remote...