Lucene search
Ubuntu.comUB:CVE-2024-25817HistoryMar 06, 2024 - 12:00 a.m.
CVE-2024-25817
2024-03-0600:00:00
ubuntu.com
ubuntu.com
11
buffer overflow
eza v0.18.2
local attackers
arbitrary code
.git/head
.git/refs
.git/objects
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.2%
Buffer Overflow vulnerability in eza before version 0.18.2, allows local
attackers to execute arbitrary code via the .git/HEAD, .git/refs, and
.git/objects components.
Notes
| Author | Note |
|---|---|
| Priority reason: Likely not affected due to not vendoring libgit2. | |
| sbeattie | likely due to an embedded copy of libgit2 vulnerable to CVE-2024-24577. The debian and ubuntu packages are likely not-affected due to rust-eza being patched to use the system libgit2 and not the vendored copy. |
Related
github
github
eza Potential Heap Overflow Vulnerability for AArch64
2024-02-08 18:47:28
cve
cve
CVE-2024-25817
2024-03-06 00:15:52
CVE-2024-24577
2024-02-06 22:16:15
prion
prion
Buffer overflow
2024-03-06 00:15:00
Heap overflow
2024-02-06 22:16:00
cvelist
cvelist
CVE-2024-25817
2024-03-05 00:00:00
debiancve
debiancve
CVE-2024-25817
2024-03-06 00:15:52
CVE-2024-24577
2024-02-06 22:16:15
nvd
nvd
CVE-2024-25817
2024-03-06 00:15:52
CVE-2024-24577
2024-02-06 22:16:15
osv
osv
eza Potential Heap Overflow Vulnerability for AArch64
2024-02-08 18:47:28
libgit2 - security update
2024-02-27 00:00:00
libgit2 - security update
2024-02-09 00:00:00
ubuntucve
ubuntucve
CVE-2024-24577
2024-02-06 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-24577 affecting package libgit2 for versions less than 1.6.5-1
2024-02-28 17:38:28
alpinelinux
alpinelinux
CVE-2024-24577
2024-02-06 22:16:15
cgr
cgr
CVE-2024-24577 vulnerabilities
2024-05-19 03:07:16
debian
debian
[SECURITY] [DLA 3742-1] libgit2 security update
2024-02-27 09:09:25
[SECURITY] [DSA 5619-1] libgit2 security update
2024-02-09 19:16:16
freebsd
freebsd
Libgit2 -- multiple vulnerabilities
2024-02-06 00:00:00
redhatcve
redhatcve
CVE-2024-24577
2024-02-07 01:02:03
veracode
veracode
Heap Buffer Overflow
2024-02-07 07:11:54
nessus
nessus
Debian dla-3742 : libgit2-27 - security update
2024-02-27 00:00:00
FreeBSD : Libgit2 -- multiple vulnerabilities (43768ff3-c683-11ee-97d0-001b217b3468)
2024-02-09 00:00:00
Fedora 39 : libgit2_1.6 (2024-605004a28e)
2024-02-17 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5619-1)
2024-02-12 00:00:00
Debian: Security Advisory (DLA-3742-1)
2024-02-28 00:00:00
Mageia: Security Advisory (MGASA-2024-0059)
2024-03-15 00:00:00
wolfi
wolfi
CVE-2024-24577 vulnerabilities
2024-06-18 09:08:19
fedora
fedora
[SECURITY] Fedora 39 Update: rust-pretty-git-prompt-0.2.1-20.fc39
2024-02-20 01:40:34
[SECURITY] Fedora 39 Update: rust-shadow-rs-0.8.1-8.fc39
2024-02-20 01:40:35
[SECURITY] Fedora 38 Update: rust-git2-0.18.2-1.fc38
2024-02-22 02:43:26
amazon
amazon
Important: rust
2024-03-13 20:26:00
redos
redos
ROS-20240410-13
2024-04-10 00:00:00
mageia
mageia
Updated libgit2 packages fix security vulnerabilities
2024-03-14 20:25:59
ubuntu
ubuntu
libgit2 vulnerabilities
2024-03-05 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.2%
Related for UB:CVE-2024-25817