548 matches found
CVE-2024-24575 libgit2 is vulnerable to a denial of service attack in `git_revparse_single`
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial ...
a-gpt (>=0.1.0 <=0.4.0), abacuz (=0.1.1) +884 more potentially affected by CVE-2024-24575 +1 more via libgit2-sys (>=0.10.0 <=0.15.2+1.6.4)
libgit2-sys CARGO version =0.10.0, =0.1.0, =1.1.0, =0.0.1, =0.3.0, =1.2.0, =1.4.7 - amisgitpm =0.0.1 - android-cli =0.2.0 - angreal =2.0.0-rc.1 and more Source cves: CVE-2024-24575, CVE-2024-24577 Source advisory: OSV:RUSTSEC-2024-0013...
RUSTSEC-2024-0013 Memory corruption, denial of service, and arbitrary code execution in libgit2
The libgit2 project fixed three security issues in the 1.7.2 release. These issues are: The `git_revparse_single` function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the git2 crate via the...
Memory corruption, denial of service, and arbitrary code execution in libgit2
The libgit2 project fixed three security issues in the 1.7.2 release. These issues are: The `git_revparse_single` function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the git2 crate via the...
libgit2 Security Vulnerabilities
libgit2 is a portable, C implementation of the Git core development package. A security vulnerability exists in libgit2. An attacker exploiting this vulnerability with a specially crafted "git_index_add" input could cause heap corruption, which could lead to the execution of arbitrary code...
libgit2 Resource Management Error Vulnerability
libgit2 is a portable, C implementation of the Git core development package. A resource management error vulnerability exists in libgit2. An attacker exploiting this vulnerability with a specially crafted "git_revparse_single" input could cause the function to enter an infinite loop, which could le...
PT-2024-1690 · Libgit2 +4
Name of the Vulnerable Software and Affected Versions: libgit2 versions prior to 1.7.2 Description: The issue is related to the `git_revparse_single` function, which can enter an infinite loop when provided with well-crafted inputs, potentially causing a Denial of Service attack. The revparse...
Libgit2 -- multiple vulnerabilities
Git community reports: A bug in `git_revparse_single` is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application. A bug in `git_revparse_single` is fixed that could have caused the function to...
PT-2024-1689 · Libgit2 +5
Name of the Vulnerable Software and Affected Versions: libgit2 versions prior to 1.6.5, libgit2 versions prior to 1.7.2 Description: The issue is related to a heap corruption vulnerability in the `has_dir_name` function in src/libgit2/index.c, which can be exploited for arbitrary code execution. Thi...
libgit2: Privilege Escalation Vulnerability
Background libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API. Description A vulnerability has been discovered in libgit2. Please review the CVE identifier referenced below for details. Impact Usages of a malicious craft...
OESA-2023-1957 libgit2 security update
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language which supports C bindings. Security Fixes: libgit2 is a cross-platform, linkable library...
Ubuntu 16.04 ESM : libgit2 vulnerabilities (USN-4798-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4798-1 advisory. It was discovered that libgit2 mishandled certain malformed git objects. A remote attacker could use this vulnerability to cause a denial of service...
Advisory ROSA-SA-2023-2235
Software: libgit2 1.4.5 OS: ROSA-CHROME packageevrstring: libgit2-1.4.5-1.src.rpm CVE-ID: CVE-2023-22742 BDU-ID: 2023-00574 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libssh2 library of the C Libgit2 implementation of Git methods is related to cryptographic signature verification errors...
SUSE SLES15 / openSUSE 15 Security Update : libgit2 (SUSE-SU-2023:1909-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1909-1 advisory. - libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2...
SUSE-SU-2023:1909-1 Security update for libgit2
This update for libgit2 fixes the following issues: - CVE-2023-22742: Fixed SSH keys verification failure bsc1207364...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libgit2 (SUSE-SU-2023:1788-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1788-1 advisory. - libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the...
SUSE-SU-2023:1788-1 Security update for libgit2
This update for libgit2 fixes the following issues: - CVE-2023-22742: Verify ssh remote host keys bsc1207364...
openSUSE 15 Security Update : libgit2 (SUSE-SU-2023:1570-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1570-1 advisory. - libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform...
CVE-2023-22742 affecting package libgit2 for versions less than 1.4.5-1
CVE-2023-22742 affecting package libgit2 for versions less than 1.4.5-1. An upgraded version of the package is available that resolves this issue...
SUSE-SU-2023:1570-1 Security update for libgit2
This update for libgit2 fixes the following issues: - CVE-2023-22742: Fixed SSH keys verification failure bsc1207364...