12 matches found
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...
PT-2026-45019
Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...
Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relative path...
SUSE CVE-2018-10887
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in gitdeltaapply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw...
libgit2 Denial of Service Vulnerability (CNVD-2018-20567)
libgit2 is a portable, C implementation of the Git core development kit . A security vulnerability exists in libgit2 versions prior to 0.27.3, which stems from a lack of security detection in the 'gitdeltaapply' function of the delta.c file. An attacker can exploit this vulnerability to cause a...
libgit2 integer overflow vulnerability (CNVD-2019-06643)
libgit2 is a portable, C implementation of the Git core development kit . An integer overflow vulnerability exists in the 'gitdeltaapply' function of the delta.c file in versions of libgit2 prior to 0.27.3, which can be exploited by an attacker to disclose a memory address or cause a denial of...
CVE-2018-10888
A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...
UBUNTU-CVE-2018-10887
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in gitdeltaapply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw...
DEBIAN-CVE-2018-10888
A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...
ALPINE-CVE-2018-10887
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in gitdeltaapply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw...
ALPINE-CVE-2018-10888
A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...
UBUNTU-CVE-2018-10888
A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...