9 matches found
go-git 安全漏洞
go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.17.1 contained a security vulnerability. This vulnerability stemmed from a specially crafted .idx file, which could lead to asymmetric memory consumption, potentially exhausting...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of .idx files. An attacker with write access to the local repository's .git directory can exhaust system memory by introducing a maliciously crafted .idx file int...
GHSA-JHF3-XXHW-2WPP go-git: Maliciously crafted idx file can cause asymmetric memory consumption
Impact A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service DoS condition. Exploitation requires write access to the local repository's .git directory, it...
Linux Distros Unpatched Vulnerability : CVE-2018-8098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the index.c:readentry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial...
SUSE CVE-2018-8098
Integer overflow in the index.c:readentry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service out-of-bounds read via a crafted repository index file...
DEBIAN-CVE-2018-8099
Incorrect returning of an error code in the index.c:readentry function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file...
DEBIAN-CVE-2018-8098
Integer overflow in the index.c:readentry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service out-of-bounds read via a crafted repository index file...
UBUNTU-CVE-2018-8098
Integer overflow in the index.c:readentry function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service out-of-bounds read via a crafted repository index file...
Libgit2 Integer Overflow Vulnerability
libgit2 is a portable, pure C implementation of the Git core development kit , you can use it to write custom Git applications . An integer overflow vulnerability exists in the index.c:readentry function in versions of libgit2 prior to 0.26.2 when decompressing the length of a compressed prefix. ...