DEBIAN-CVE-2020-12278

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...

DEBIAN-CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...

Denial Of Service (DoS)

libgit2 is vulnerable to denial of service DoS attacks. The vulnerability exists due to the incorrect return of an error code in readentry of index.c, causing a denial of service DoS through a double free issue when parsing a malicious repository index...

UBUNTU-CVE-2016-10129

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service NULL pointer dereference via an empty packet line...

libgit2 Security Bypass Vulnerability

libgit2 is a portable, C implementation of the Git core development kit . A security bypass vulnerability exists in the badssl.c file in libgit versions 20.25 and 0.24. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack, bypass security restrictions and perform...