A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
References
Configurations
History
21 Nov 2024, 03:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1598021 - Issue Tracking, Patch | |
References | () https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a - Patch | |
References | () https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22 - Patch | |
References | () https://github.com/libgit2/libgit2/releases/tag/v0.27.3 - Patch, Release Notes | |
References | () https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html - Mailing List, Third Party Advisory |
15 Feb 2024, 20:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1598021 - Issue Tracking, Patch | |
References | () https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a - Patch | |
References | () https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22 - Patch | |
References | () https://github.com/libgit2/libgit2/releases/tag/v0.27.3 - Patch, Release Notes |
19 Apr 2022, 16:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html - Mailing List, Third Party Advisory |
21 Mar 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-07-10 14:29
Updated : 2024-11-21 03:42
NVD link : CVE-2018-10887
Mitre link : CVE-2018-10887
CVE.ORG link : CVE-2018-10887
JSON object : View
Products Affected
debian
- debian_linux
libgit2
- libgit2