Metric | Value |
---|---|
CVSS3 score | 9.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS3 vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Score | 7.8 High (Confidence: Low) |
EPSS | 0.002 Low (Percentile: 61.2%) |

Buffer Overflow vulnerability in eza before version 0.18.2 allows local
attackers to execute arbitrary code via the .git/HEAD, .git/refs, and
.git/objects components.

Priority reason: Likely not affected due to not vendoring libgit2.

Author | Note |
---|---|
sbeattie | likely due to an embedded copy of libgit2 vulnerable to CVE-2024-24577. The Debian and Ubuntu packages are likely not-affected due to rust-eza being patched to use the system libgit2 and not the vendored copy. |