CVE-2018-8099 - Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in

CVE-2018-8099

Summary

Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.

References

Vulnerable Configurations

cpe:2.3:a:libgit2:libgit2:-:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:-:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.16.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.16.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.19.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.19.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.20.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.20.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.2:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.2:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.3:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.3:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.4:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.4:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.5:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.21.5:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.2:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.2:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.3:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.22.3:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.2:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.2:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.3:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.3:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.4:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.23.4:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.2:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.2:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.3:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.3:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.4:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.4:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.5:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.5:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.6:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.24.6:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.25.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.25.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.25.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.25.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.25.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.25.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.25.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.25.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.26.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.26.0:-:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.26.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.26.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.26.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.26.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.26.1:*:*:*:*:*:*:*
cpe:2.3:a:libgit2:libgit2:0.26.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 25-04-2022 - 20:41)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

confirm

Last major update

25-04-2022 - 20:41

Published

14-03-2018 - 00:29

Last modified

25-04-2022 - 20:41