CVE-2016-10129 - The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attac

CVE-2016-10129

Summary

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.

References

Vulnerable Configurations

cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*
cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*
cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*
cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 28-03-2017 - 01:59)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	95339
confirm	https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037 https://libgit2.github.com/security/
mlist	[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 [oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
suse	openSUSE-SU-2017:0397 openSUSE-SU-2017:0405 openSUSE-SU-2017:0484

Last major update

28-03-2017 - 01:59

Published

24-03-2017 - 15:59

Last modified

28-03-2017 - 01:59