ID CVE-2018-8099
Summary Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.
References
Vulnerable Configurations
  • cpe:2.3:a:libgit2:libgit2:-:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:-:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.0:-:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.21.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.21.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.21.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.21.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.21.5:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.21.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.0:-:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.22.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.22.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.22.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.2:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.22.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.22.3:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.22.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.0:-:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.23.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.23.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.23.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.2:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.3:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.23.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.23.4:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.23.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.0:-:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.24.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.24.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.1:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.2:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.3:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.24.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.4:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.24.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.5:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.24.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.24.6:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.24.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.25.0:-:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.25.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.25.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.25.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.25.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.25.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.25.1:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.0:-:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.26.0:-:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.26.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.26.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libgit2:libgit2:0.26.1:*:*:*:*:*:*:*
    cpe:2.3:a:libgit2:libgit2:0.26.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 25-04-2022 - 20:41)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
confirm
Last major update 25-04-2022 - 20:41
Published 14-03-2018 - 00:29
Last modified 25-04-2022 - 20:41
Back to Top