Wireshark - my_dgt_tbcd_unpack Static Buffer Overflow

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=649 The following crash due to a static buffer overflow can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tsha...

Ubuntu 14.04 LTS : Git vulnerability (USN-2835-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2835-1 advisory. Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this...

Wireshark - getRate Stack Out-of-Bounds Read

Source: https://code.google.com/p/google-security-research/issues/detail?id=641 The following crash due to a stack-based out-of-bounds memory read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut ---...

Ubuntu: Security Advisory (USN-2835-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Wireshark - dissect_nbap_MACdPDU_Size SIGSEGV

Source: https://code.google.com/p/google-security-research/issues/detail?id=652 The following SIGSEGV crash due to an invalid memory read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut ---...

USN-2835-1 git vulnerability

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs...

USN-2835-1: Git vulnerability

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly handled recursive clones of git repositories. A remote attacker could possibly use this issue to execute arbitrary code by injecting commands via crafted URLs...

Square Open Source: Unsafe usage of Ruby string interpolation enabling command injection in git-fastclone

While testing git-fastclone for the ext protocol issues in my other report, I looked at the source code and immediately noticed you're using the Cocaine0 library unsafely. Cocaine will protect from command injection but it "only does that for arguments interpolated via run, NOT arguments passed...

Amazon Linux AMI : git (ALAS-2015-613)

A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system. C...

git-fastclone Shell Metacharacter Injection Arbitrary Command Execution

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library...

Amazon Linux: Security Advisory (ALAS-2015-613)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: git

Issue Overview: A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the...

Unspecified Vulnerability in Apple Xcode GIT

Apple Xcode is an integrated development tool IDE that runs on the operating system Mac OS X. It is used for the development of the Mac OS X operating system and for the development of the Mac OS X operating system. Apple Xcode GIT suffers from multiple security vulnerabilities, no vulnerability...

CVE-2015-7082

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases...

Code injection

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases...

CVE-2015-7082

CVE-2015-7082 refers to multiple unspecified vulnerabilities in Git prior to 2.5.4, as used by Apple Xcode prior to 7.2. The connected document details a concrete root cause: a flaw in the git-remote-ext component that can be triggered by handling a specially crafted URL, enabling a remote attack...

CVE-2015-7082

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases...

git-fastclone permits arbitrary shell command execution from .gitmodules

Git allows executing arbitrary shell commands using git-remote-ext via a remote URLs. Normally git never requests URLs that the user doesn't specifically request, so this is not a serious security concern. However, submodules did allow the remote repository to specify what URL to clone from. If a...

Square Open Source: git-fastclone allows arbitrary command execution through usage of ext remote URLs in submodules

I recently discovered a security vulnerability in git that also affects other programs that manually reimplement submodule-like operations. The recent security update to git0 concerning git-remote-ext URLs in submodules affects git-fastclone similarly. This bug was patched in Git v2.6.1, v2.5.4,...

CentOS 7 : git (CESA-2015:2561)

Updated git packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from th...