The vulnerability of the ng_pkt function in the transports/smart_pkt.c component of the Libgit2 C library methods allows a attacker to cause a service failure.

The vulnerability of the ngpkt function in the transports/smartpkt.c component of the Git methods implemented in the C language, Libgit2, relates to reading data from beyond the buffer’s acceptable limits. Exploiting this vulnerability allows a remote attacker to cause service failures...

CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...

CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...

CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...

CVE-2018-15501

The CVE-2018-15501 issue exists in libgit2’s ng_pkt handling (transports/smart_pkt.c). A remote attacker can send a crafted smart-protocol packet (“ng”) that lacks a '\0' byte, triggering an out-of-bounds read and DoS. Affected versions are libgit2 before 0.26.6 and 0.27.x before 0.27.4. Remediat...

libgit2/download_refs_fuzzer: Heap-buffer-overflow in ng_pkt

Project: https://github.com/libgit2/libgit2.git Detailed report: https://oss-fuzz.com/testcase?key=5105997956775936 Project: libgit2 Fuzzer: afllibgit2downloadrefsfuzzer Fuzz target binary: downloadrefsfuzzer Job Type: aflasanlibgit2 Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash...