PT-2018-3838 · Libgit2+2 · Libgit2+2

Published

2018-07-14

Updated

2022-05-11

CVE-2018-15501

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libgit2 versions prior to 0.26.6 libgit2 versions 0.27.x prior to 0.27.4

Description The issue is related to the ng pkt function in the transports/smart pkt.c component of libgit2, which is implemented in C. It involves a buffer data out-of-bounds read. A remote attacker can exploit this by sending a crafted smart-protocol "ng" packet that lacks a 0 byte, triggering an out-of-bounds read that leads to a denial of service.

Recommendations For libgit2 versions prior to 0.26.6, update to version 0.26.6 or later. For libgit2 versions 0.27.x prior to 0.27.4, update to version 0.27.4 or later.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2018-2459

BDU:2022-05960

CVE-2018-15501

DLA-1477-1

DLA-2936-1

OPENSUSE-SU-2018_2502-1

OPENSUSE-SU-2018_3519-1

SUSE-SU-2018:2469-1

SUSE-SU-2018:3440-1

Affected Products

Alt Linux

Suse

Libgit2

PT-2018-3838 · Libgit2+2 · Libgit2+2

CVE-2018-15501

Weakness Enumeration

Related Identifiers

Affected Products

References · 36