CVE-2024-24575

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libgit2 versions prior to 1.7.2

Description The issue is related to the git revparse single function, which can enter an infinite loop when provided with well-crafted inputs, potentially causing a Denial of Service attack. The revparse function in src/libgit2/revparse.c uses a loop to parse the user-provided spec string, and there is an edge-case that allows a bad actor to force the loop conditions to access arbitrary memory, potentially leading to memory leaks.

Recommendations For libgit2 versions prior to 1.7.2, upgrade to version 1.7.2 to resolve the issue. As a temporary workaround, consider restricting the use of the git revparse single function to minimize the risk of exploitation. Avoid using the git revparse single function with untrusted input until the issue is resolved.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

AZL-34331

BDU:2024-01378

CVE-2024-24575

DSA-5619-1

GHSA-54MF-X2RH-HQ9V

OESA-2024-1202

OESA-2024-1203

OPENSUSE-SU-2024:13675-1

OPENSUSE-SU-2024_2584-1

ROSA-SA-2025-2656

RUSTSEC-2024-0013

SUSE-SU-2024:2584-1

SUSE-SU-2024_2584-1

USN-6678-1

Affected Products

Linuxmint

Red Os

Suse

Ubuntu

Libgit2

CVE-2024-24575

Weakness Enumeration

Related Identifiers

Affected Products

References · 53