548 matches found
GHSA-22Q8-GHMQ-63VF libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
The libgit2 project fixed three security issues in the 1.7.2 release. These issues are: The `git_revparse_single` function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the git2 crate via the...
libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add`
...
Debian: Security Advisory (DSA-5619-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dsa-5619 : libgit2-1.1 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5619 advisory. Debian Security Advisory DSA-5619...
[SECURITY] [DSA 5619-1] libgit2 security update
Debian Security Advisory DSA-5619-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 09, 2024 https://www.debian.org/security/faq...
DSA-5619-1 libgit2 - security update
Bulletin has no description...
FreeBSD : Libgit2 -- multiple vulnerabilities (43768ff3-c683-11ee-97d0-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 43768ff3-c683-11ee-97d0-001b217b3468 advisory. - libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a...
GHSA-3QX3-6HXR-J2CH eza Potential Heap Overflow Vulnerability for AArch64
Summary: In eza, there exists a potential heap overflow vulnerability, first seen when using Ubuntu for Raspberry Pi series system, on ubuntu-raspi kernel, relating to the .git directory. Details: The vulnerability seems to be triggered by the .git directory in some projects. This issue may be...
eza Potential Heap Overflow Vulnerability for AArch64
Summary: In eza, there exists a potential heap overflow vulnerability, first seen when using Ubuntu for Raspberry Pi series system, on ubuntu-raspi kernel, relating to the .git directory. Details: The vulnerability seems to be triggered by the .git directory in some projects. This issue may be...
SUSE CVE-2024-24575
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial ...
SUSE CVE-2024-24577
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There...
Denial of Service (DoS)
libgit2 is vulnerable to Denial of Service (DoS). The vulnerability is caused due to improper validation within src/revparse.c. If an attacker is able to provide crafted input to the `git_revparse_single` function, an infinite loop can occur resulting in Denial of Service...
Heap Buffer Overflow
libgit2 is vulnerable to Heap Buffer Overflow. The vulnerability is due to improper handling of string paths in the `has_dir_name` function within index.c. This logic in path processing may cause the application to crash, resulting in Denial of Service (DoS)...
CVE-2024-24577
A flaw was found in libgit2, a cross-platform, linkable library implementation of Git. A specially crafted payload to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. The attacker must be able to trigger two consecutive calls to `git_index_add` with a filena...
CVE-2024-24575
A flaw was found in libgit2, a cross-platform, linkable library implementation of Git. This flaw allows an attacker using a specially-crafted payload to `git_revparse_single` and cause the function to enter an infinite loop. This issue potentially causes a denial of service attack in the calling...
AZL-34331 CVE-2024-24575 affecting package libgit2 for versions less than 1.6.5-1
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial ...
CVE-2024-24577
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There...
CVE-2024-24575 vulnerabilities
Vulnerabilities for packages: libgit2, libgit2-1.5...
CVE-2024-24577 vulnerabilities
Vulnerabilities for packages: libgit2, libgit2-1.5...
DEBIAN-CVE-2024-24577
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There...