| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-8098 | 4.3 |
Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.
|
11-05-2022 - 21:17 | 14-03-2018 - 00:29 | |
| CVE-2018-8099 | 4.3 |
Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.
|
25-04-2022 - 20:41 | 14-03-2018 - 00:29 | |
| CVE-2016-10129 | 5.0 |
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
|
28-03-2017 - 01:59 | 24-03-2017 - 15:59 | |
| CVE-2016-10128 | 7.5 |
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
|
28-03-2017 - 01:59 | 24-03-2017 - 15:59 | |
| CVE-2016-10130 | 4.3 |
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
|
28-03-2017 - 01:59 | 24-03-2017 - 15:59 |