
548 matches found

Cvelist
added 2017/03/24 3:0 p.m. | 17 views

CVE-2016-10130

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...

AI score: 7.3 | EPSS: 0.00699
Exploits: 0 | References: 9

AlpineLinux
added 2017/03/24 3:0 p.m. | 38 views

CVE-2016-10128

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.01918
Exploits: 0

Debian CVE
added 2017/03/24 3:0 p.m. | 26 views

CVE-2016-10130

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...

CVSS: 5.9 | AI score: 7.4 | EPSS: 0.00699
Exploits: 0

CVE
added 2017/03/24 3:0 p.m. | 81 views

CVE-2016-10130

CVE-2016-10130 affects libgit2: the http_connect path in transports/http.c allows a MITM by clobbering the error variable. Versions before 0.24.6 and 0.25.x before 0.25.1 are vulnerable. Impact: spoofed certificates/possible remote compromise; remediation: upgrade libgit2 to 0.24.6+ (or 0.25.1+ i...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00699
Exploits: 0 | References: 9 | Affected Software: 1

CVE
added 2017/03/24 3:0 p.m. | 76 views

CVE-2016-10129

CVE-2016-10129 affects libgit2’s Git Smart Protocol handling: an empty packet line can trigger a NULL pointer dereference, enabling a remote DoS. Public docs confirm the issue and that upstream fixes were implemented in 0.24.6 (and related 0.25.x fixes in other CVEs); affected releases prior to t...

CVSS: 7.5 | AI score: 8 | EPSS: 0.0321
Exploits: 0 | References: 9 | Affected Software: 1

AlpineLinux
added 2017/03/24 3:0 p.m. | 38 views

CVE-2016-10129

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.0321
Exploits: 0

Cvelist
added 2017/03/24 3:0 p.m. | 17 views

CVE-2016-10129

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line...

AI score: 8.2 | EPSS: 0.0321
Exploits: 0 | References: 9

Debian CVE
added 2017/03/24 3:0 p.m. | 21 views

CVE-2016-10129

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.0321
Exploits: 0

CVE
added 2017/03/24 3:0 p.m. | 78 views

CVE-2016-10128

CVE-2016-10128 describes a buffer overflow in the Git Smart Protocol handling of libgit2. Specifically, the vulnerability arises in git_pkt_parse_line within transports/smart_pkt.c, allowing remote attackers to cause unspecified impact via a crafted non-flush packet when using libgit2 versions be...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.01918
Exploits: 0 | References: 9 | Affected Software: 1

Tenable Nessus
added 2017/02/21 12:0 a.m. | 33 views

openSUSE Security Update : libgit2 (openSUSE-2017-262)

This update for libgit2 fixes several issues. These security issues were fixed: - CVE-2016-10128: Additional sanitization prevents some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). - CVE-2016-10129: Additional sanitization prevents some edge...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.0321
Exploits: 0 | References: 7

OSV
added 2017/02/09 10:17 a.m. | 7 views

SUSE-SU-2017:0433-1 Security update for libgit2

This update for libgit2 fixes several issues. These security issues were fixed: - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go an attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.0321
Exploits: 0 | References: 8

Tenable Nessus
added 2017/02/09 12:0 a.m. | 40 views

openSUSE Security Update : libgit2 (openSUSE-2017-213)

This update for libgit2 fixes the following issues: - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go an attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom certificate callback or when using...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.0321
Exploits: 0 | References: 7

OSV
added 2017/02/06 12:58 p.m. | 3 views

OPENSUSE-SU-2017:0405-1 Security update for libgit2

This update for libgit2 to version 0.24.6 fixes the following issues: - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go an attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom certificate...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.0321
Exploits: 0 | References: 7

Veracode
added 2017/02/06 3:59 a.m. | 33 views

Denial Of Service (DoS)

libgit2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the git_commit_message function in commit.c parses raw objects, which allows attackers to launch denial of service attacks using a cat-file command with an object file...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00492
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2017/02/06 2:46 a.m. | 21 views

Denial Of Service (DoS)

libgit2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the git_oid_nfmt function in oid.c parses raw objects, which allows attackers to launch denial of service attacks using a cat-file command with an object file...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00426
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/02/03 3:59 p.m. | 17 views

CVE-2016-8568

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00426
Exploits: 0 | References: 12

OSV
added 2017/02/03 3:59 p.m. | 23 views

CVE-2016-8569

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file...

CVSS: 5.5 | AI score: 6.7
Exploits: 0 | References: 12

OSV
added 2017/02/03 3:59 p.m. | 0 views

DEBIAN-CVE-2016-8568

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00426
Exploits: 0 | References: 1

UbuntuCve
added 2017/02/03 3:59 p.m. | 25 views

CVE-2016-8569

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00492
Exploits: 0 | References: 2

OSV
added 2017/02/03 3:59 p.m. | 0 views

UBUNTU-CVE-2016-8568

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00426
Exploits: 0 | References: 3