Lucene search
K

13 matches found

Github Security Blog
Github Security Blog
added 2026/05/29 7:45 p.m.17 views

Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta

Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...

5.8AI score0.00029EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.13 views

Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta

Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relative path...

5.9AI score0.00029EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-45019

Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...

6.1CVSS5.8AI score0.00029EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/11/14 12:0 a.m.5 views

The vulnerability of the `git_delta_apply` function in the `delta.c` component of the Git methods implementation in the C language, Libgit2. This vulnerability allows an attacker to access confidential data and also trigger a denial-of-service attack.

The vulnerability of the gitdeltaapply function in the delta.c component of the Git methods implementation in the C language, part of Libgit2, relates to reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to gain access to confidential data and also...

9.4CVSS7.1AI score0.02051EPSS
Exploits0References9Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.1 views

SUSE CVE-2018-10887

A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in gitdeltaapply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw...

6.5CVSS9.2AI score0.02051EPSS
Exploits0References7
CNVD
CNVD
added 2018/07/12 12:0 a.m.5 views

libgit2 Denial of Service Vulnerability (CNVD-2018-20567)

libgit2 is a portable, C implementation of the Git core development kit . A security vulnerability exists in libgit2 versions prior to 0.27.3, which stems from a lack of security detection in the 'gitdeltaapply' function of the delta.c file. An attacker can exploit this vulnerability to cause a...

6.5CVSS6.6AI score0.01848EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/11 12:0 a.m.4 views

libgit2 integer overflow vulnerability (CNVD-2019-06643)

libgit2 is a portable, C implementation of the Git core development kit . An integer overflow vulnerability exists in the 'gitdeltaapply' function of the delta.c file in versions of libgit2 prior to 0.27.3, which can be exploited by an attacker to disclose a memory address or cause a denial of...

8.1CVSS7.6AI score0.02051EPSS
Exploits0References1
OSV
OSV
added 2018/07/10 2:29 p.m.2 views

ALPINE-CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

6.5CVSS6.4AI score0.01848EPSS
Exploits0References1
OSV
OSV
added 2018/07/10 2:29 p.m.2 views

UBUNTU-CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

6.5CVSS6.8AI score0.01848EPSS
Exploits0References4
OSV
OSV
added 2018/07/10 2:29 p.m.2 views

UBUNTU-CVE-2018-10887

A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in gitdeltaapply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw...

8.1CVSS7AI score0.02051EPSS
Exploits0References4
OSV
OSV
added 2018/07/10 2:29 p.m.1 views

DEBIAN-CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

6.5CVSS7.2AI score0.01848EPSS
Exploits0References1
OSV
OSV
added 2018/07/10 2:29 p.m.31 views

CVE-2018-10888

A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service...

6.5CVSS6.3AI score
Exploits0References5
OSV
OSV
added 2018/07/10 2:29 p.m.3 views

ALPINE-CVE-2018-10887

A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in gitdeltaapply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw...

8.1CVSS6.8AI score0.02051EPSS
Exploits0References1
Rows per page
Query Builder