5 matches found
CVE-2016-8568
CVE-2016-8568 affects libgit2 prior to 0.24.3, where the git_commit_message function in oid.c can trigger an out-of-bounds read via a crafted object file when a cat-file command is processed. This has been publicly documented across multiple advisories and feeds (NVD entry and vendor-focused noti...
CVE-2016-10130
CVE-2016-10130 affects libgit2: the http_connect path in transports/http.c allows a man-in-the-middle (MITM) attack by clobbering the error variable. Versions before 0.24.6 and 0.25.x before 0.25.1 are vulnerable. Impact: spoofed certificates/possible remote compromise; remediation: upgrade libgit2 to 0.24.6+ (or 0.25.1+ i...
CVE-2016-8569
Vulnerability details (CVE-2016-8569): The libgit2 library (versions before 0.24.3) is affected by a denial-of-service via a NULL pointer dereference in git_commit_message when processing certain crafted objects (cat-file usage). Public advisories in Debian/Ubuntu and openSUSE notes confirm the issue...
CVE-2016-10128
CVE-2016-10128 describes a buffer overflow in the Git Smart Protocol handling of libgit2. Specifically, the vulnerability arises in git_pkt_parse_line within transports/smart_pkt.c, allowing remote attackers to cause unspecified impact via a crafted non-flush packet when using libgit2 versions be...
CVE-2016-10129
CVE-2016-10129 affects libgit2’s Git Smart Protocol handling: an empty packet line can trigger a NULL pointer dereference, enabling a remote DoS. Public docs confirm the issue and that upstream fixes were implemented in 0.24.6 (and related 0.25.x fixes in other CVEs); affected releases prior to t...