3 matches found
CVE-2017-16228
Summary (CVE-2017-16228) : Dulwich up to version 0.18.5 is vulnerable when an SSH subprocess is used and an ssh URL with an initial dash in the hostname is processed, allowing remote command execution. The issue stems from inadequate validation of ssh URLs, enabling an attacker-controlled hostnam...
CVE-2015-0838
Dulwich (Python Git library) is affected by a buffer overflow in the C implementation of apply_delta in _pack.c, impacting versions before 0.9.9 and enabling remote code execution via a crafted pack file. Mitigation: upgrade to Dulwich 0.9.9+ (e.g., 0.10.0 per Mageia advisory) or apply provided s...
CVE-2014-9706
The CVE concerns Dulwich (Python Git implementation). The vulnerability exists in the function build_index_from_tree (index.py) in Dulwich versions prior to 0.9.9, where a commit with a directory path starting with .git/ is not handled correctly during checkout, allowing remote command execution....