ALT-PU-2017-1044-1
Closed vulnerabilities
Published: 2017-03-24
Modified: 2024-11-21
CVE-2016-10128
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2017:0397
- openSUSE-SU-2017:0405
- openSUSE-SU-2017:0484
- [oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- [oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- 95338
- https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2
- https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834
- https://libgit2.github.com/security/
Published: 2017-03-24
Modified: 2024-11-21
CVE-2016-10129
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2017:0397
- openSUSE-SU-2017:0405
- openSUSE-SU-2017:0484
- [oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- [oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- 95339
- https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a
- https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037
- https://libgit2.github.com/security/
Published: 2017-03-24
Modified: 2024-11-21
CVE-2016-10130
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
Severity: MEDIUM (5.9)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
- openSUSE-SU-2017:0397
- openSUSE-SU-2017:0405
- openSUSE-SU-2017:0484
- [oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- [oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
- 95359
- https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22
- https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211
- https://libgit2.github.com/security/