ID CVE-2016-10129
Summary The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
References
Vulnerable Configurations
  • cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 28-03-2017 - 01:59)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 95339
confirm
mlist
  • [oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
  • [oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6
suse
  • openSUSE-SU-2017:0397
  • openSUSE-SU-2017:0405
  • openSUSE-SU-2017:0484
Last major update 28-03-2017 - 01:59
Published 24-03-2017 - 15:59
Last modified 28-03-2017 - 01:59
Back to Top