ID CVE-2018-10887
Summary A flaw was found in libgit2 before version 0.27.3. An unexpected sign extension in the git_delta_apply function in delta.c may lead to an integer overflow, which in turn leads to an out-of-bounds read, allowing an attacker to read before the base object. An attacker may use this flaw to leak memory addresses or cause a denial of service.
References
Vulnerable Configurations
  • cpe:2.3:a:libgit2:libgit2:-:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.25.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.25.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.25.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.27.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.27.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.27.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.27.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.27.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.27.2:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 15-02-2024 - 20:59)
Impact:
Exploitability:
CWE CWE-681
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:P
refmap via4
confirm
mlist [debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update
Last major update 15-02-2024 - 20:59
Published 10-07-2018 - 14:29
Last modified 15-02-2024 - 20:59