PT-2018-3838 · Libgit2+2 · Libgit2+2

Publicado

2018-07-14

Atualizado

2022-05-11

CVE-2018-15501

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libgit2 versions prior to 0.26.6 libgit2 versions 0.27.x prior to 0.27.4

Description The issue is related to the ng pkt function in the transports/smart pkt.c component of libgit2, which is implemented in C. It involves a buffer data out-of-bounds read. A remote attacker can exploit this by sending a crafted smart-protocol "ng" packet that lacks a 0 byte, triggering an out-of-bounds read that leads to a denial of service.

Recommendations For libgit2 versions prior to 0.26.6, update to version 0.26.6 or later. For libgit2 versions 0.27.x prior to 0.27.4, update to version 0.27.4 or later.

Exploit

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2018-2459

BDU:2022-05960

CVE-2018-15501

DLA-1477-1

DLA-2936-1

OPENSUSE-SU-2018_2502-1

OPENSUSE-SU-2018_3519-1

SUSE-SU-2018:2469-1

SUSE-SU-2018:3440-1

Produtos afetados

Alt Linux

Suse

Libgit2

PT-2018-3838 · Libgit2+2 · Libgit2+2

CVE-2018-15501

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 36