ALT-PU-2018-2459-1
Closed vulnerabilities
BDU:2019-00423
Vulnerability in the "git clone" functionality of the Git distributed version control system that allows an attacker to execute arbitrary code
BDU:2022-05960
Vulnerability in the ng_pkt function of the transports/smart_pkt.c component of Libgit2, the C-language implementation of the Git methods, that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2018-15501
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406
- https://bugzilla.suse.com/show_bug.cgi?id=1104641
- https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649
- https://github.com/libgit2/libgit2/releases/tag/v0.26.6
- https://github.com/libgit2/libgit2/releases/tag/v0.27.4
- [debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update
- [debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update
- https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html
Modified: 2024-11-21
CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
- openSUSE-SU-2020:0598
- http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html
- 105523
- 107511
- 1041811
- RHSA-2018:3408
- RHSA-2018:3505
- RHSA-2018:3541
- RHSA-2020:0316
- https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404
- https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46
- https://marc.info/?l=git&m=153875888916397&w=2
- 20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities
- USN-3791-1
- DSA-4311
- 45548
- 45631
- https://www.openwall.com/lists/oss-security/2018/10/06/3