CVE-2009-2108

EUVD-2009-2104
git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
gitgit
1.4.4.5
gitgit
1.5.0
gitgit
1.5.0:rc2
gitgit
1.5.0:rc3
gitgit
1.5.0:rc4
gitgit
1.5.0.1
gitgit
1.5.0.2
gitgit
1.5.0.3
gitgit
1.5.0.4
gitgit
1.5.0.5
gitgit
1.5.0.6
gitgit
1.5.0.7
gitgit
1.5.1
gitgit
1.5.1.1
gitgit
1.5.1.2
gitgit
1.5.1.3
gitgit
1.5.1.4
gitgit
1.5.1.5
gitgit
1.5.2
gitgit
1.5.2.2
gitgit
1.5.2.3
gitgit
1.5.2.4
gitgit
1.5.2.5
gitgit
1.5.3
gitgit
1.5.3:rc5
gitgit
1.5.3:rc7
gitgit
1.5.3.2
gitgit
1.5.3.4
gitgit
1.5.3.6
gitgit
1.5.3.8
gitgit
1.5.4:rc0
gitgit
1.5.4:rc1
gitgit
1.5.4:rc1.1136.g2794
gitgit
1.5.4:rc3
gitgit
1.5.4:rc4
gitgit
1.5.4.1
gitgit
1.5.4.2
gitgit
1.5.4.4
gitgit
1.5.4.7
gitgit
1.5.5
gitgit
1.5.5:rc1
gitgit
1.5.5:rc2
gitgit
1.5.5:rc3
gitgit
1.5.5.1
gitgit
1.5.5.3
gitgit
1.5.5.3:r1
gitgit
1.5.5.4
gitgit
1.5.5.5
gitgit
1.5.5.6
gitgit
1.5.6
gitgit
1.5.6.1
gitgit
1.5.6.2
gitgit
1.5.6.3
gitgit
1.5.6.4
gitgit
1.5.6.5
gitgit
1.5.6.6
gitgit
1.5.6.6:rc0
gitgit
1.5.6.6:rc2
gitgit
1.5.6.6:rc3
gitgit
1.6.0
gitgit
1.6.0:rc1
gitgit
1.6.0:rc2
gitgit
1.6.0:rc3
gitgit
1.6.0.1
gitgit
1.6.0.2
gitgit
1.6.0.3
gitgit
1.6.0.4
gitgit
1.6.0.5
gitgit
1.6.0.6
gitgit
1.6.1
gitgit
1.6.1:rc1
gitgit
1.6.1:rc2
gitgit
1.6.1:rc3
gitgit
1.6.1:rc4
gitgit
1.6.1.4
gitgit
1.6.2
gitgit
1.6.2:rc1
gitgit
1.6.2.1
gitgit
1.6.2.2
gitgit
1.6.2.3
gitgit
1.6.2.4
gitgit
1.6.2.5
gitgit
1.6.3
gitgit
1.6.3:rc1
gitgit
1.6.3:rc2
gitgit
1.6.3:rc3
gitgit
1.6.3:rc4
gitgit
1.6.3.1
gitgit
1.6.3.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
git
dapper
not-affected
hardy
not-affected
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
git-core
dapper
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
not-affected
lucid
not-affected
maverick
dne
natty
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
Common Weakness Enumeration
References
http://article.gmane.org/gmane.comp.version-control.git/120733
http://osvdb.org/55034
http://secunia.com/advisories/35437
http://secunia.com/advisories/35730
http://security.gentoo.org/glsa/glsa-200907-05.xml
http://thread.gmane.org/gmane.comp.version-control.git/120724
http://www.mandriva.com/security/advisories?name=MDVSA-2009:155
http://www.openwall.com/lists/oss-security/2009/06/12/1
http://www.securityfocus.com/bid/35338
http://www.securitytracker.com/id?1022398
http://www.vupen.com/english/advisories/2009/1579
https://exchange.xforce.ibmcloud.com/vulnerabilities/51083
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01045.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01056.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01126.html
https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html
http://article.gmane.org/gmane.comp.version-control.git/120733
http://osvdb.org/55034
http://secunia.com/advisories/35437
http://secunia.com/advisories/35730
http://security.gentoo.org/glsa/glsa-200907-05.xml
http://thread.gmane.org/gmane.comp.version-control.git/120724
http://www.mandriva.com/security/advisories?name=MDVSA-2009:155
http://www.openwall.com/lists/oss-security/2009/06/12/1
http://www.securityfocus.com/bid/35338
http://www.securitytracker.com/id?1022398
http://www.vupen.com/english/advisories/2009/1579
https://exchange.xforce.ibmcloud.com/vulnerabilities/51083
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01045.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01056.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01126.html
https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html