CVE-2016-8568

CVE-2016-8568 affects libgit2 prior to 0.24.3, where the git_commit_message function in oid.c can trigger an out-of-bounds read via a crafted object file when a cat-file command is processed. This has been publicly documented across multiple advisories and feeds (NVD entry and vendor-focused noti...

CVE-2016-8569

Vulnerability details (CVE-2016-8569): The libgit2 library (versions before 0.24.3) is affected by a denial-of-service via a NULL pointer dereference in git_commit_message when processing certain crafted objects (cat-file usage). Public advisories in Debian/Ubuntu openSUSE notes confirm the issue...