548 matches found
DEBIAN-CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
AZL-13175 CVE-2023-22742 affecting package rust for versions less than 1.68.0-1
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
Design/Logic Flaw
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
UBUNTU-CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742
CVE-2023-22742 affects libgit2 when using SSH with the optional libssh2 backend. The issue is that certificate checking is not performed by default unless a certificate_check callback is explicitly configured in git_remote_callbacks, enabling potential MITM if server SSH keys are not validated. T...
CVE-2023-22742 libgit2 fails to verify SSH keys by default
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742 libgit2 fails to verify SSH keys by default
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742 libgit2 fails to verify SSH keys by default
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificatecheck field of libgit2's gitremotecallbacks...
RUSTSEC-2023-0003 git2 does not verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned...
abacuz (=0.1.1), almel (>=1.2.0 <=1.3.0) +531 more potentially affected by CVE-2023-22742 via libgit2-sys (>=0.10.0 <=0.13.2+1.4.2)
libgit2-sys CARGO version =0.10.0, =1.2.0, =0.0.1, =0.1.0, =1.0.0, =0.0.1, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2023-22742 Source advisory: OSV:RUSTSEC-2023-0003...
git2 does not verify SSH keys by default
The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned...
libgit2 数据伪造问题漏洞
libgit2 is a portable, C implementation of the Git core development package. A data forgery issue vulnerability exists in libgit2 that stems from the fact that libgit2 does not perform certificate checking by default...
PT-2023-1296 · Libssh2 +6 · Libssh2 +6
Name of the Vulnerable Software and Affected Versions: libgit2 versions prior to 1.4.5 libgit2 versions prior to 1.5.1 Description: The issue is related to the lack of certificate checking by default when using an SSH remote with the optional libssh2 backend in libgit2. This means that clients wi...
git2 Rust package suppresses ssh host key checking
By default, when accessing an ssh repository ie via an ssh: git repository url the git2 Rust package does not do any host key checking. Additionally, the provided API is not sufficient for a an application to do meaningful checking itself. Impact When connecting to an ssh repository, and when an...
SUSE: Security Advisory (SUSE-SU-2022:3495-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : libgit2 (SUSE-SU-2022:3495-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3495-1 advisory. - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio...