CVE-2009-2108

git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
gitgit
1.4.4.5
gitgit
1.5.0
gitgit
1.5.0:rc2
gitgit
1.5.0:rc3
gitgit
1.5.0:rc4
gitgit
1.5.0.1
gitgit
1.5.0.2
gitgit
1.5.0.3
gitgit
1.5.0.4
gitgit
1.5.0.5
gitgit
1.5.0.6
gitgit
1.5.0.7
gitgit
1.5.1
gitgit
1.5.1.1
gitgit
1.5.1.2
gitgit
1.5.1.3
gitgit
1.5.1.4
gitgit
1.5.1.5
gitgit
1.5.2
gitgit
1.5.2.2
gitgit
1.5.2.3
gitgit
1.5.2.4
gitgit
1.5.2.5
gitgit
1.5.3
gitgit
1.5.3:rc5
gitgit
1.5.3:rc7
gitgit
1.5.3.2
gitgit
1.5.3.4
gitgit
1.5.3.6
gitgit
1.5.3.8
gitgit
1.5.4:rc0
gitgit
1.5.4:rc1
gitgit
1.5.4:rc1.1136.g2794
gitgit
1.5.4:rc3
gitgit
1.5.4:rc4
gitgit
1.5.4.1
gitgit
1.5.4.2
gitgit
1.5.4.4
gitgit
1.5.4.7
gitgit
1.5.5
gitgit
1.5.5:rc1
gitgit
1.5.5:rc2
gitgit
1.5.5:rc3
gitgit
1.5.5.1
gitgit
1.5.5.3
gitgit
1.5.5.3:r1
gitgit
1.5.5.4
gitgit
1.5.5.5
gitgit
1.5.5.6
gitgit
1.5.6
gitgit
1.5.6.1
gitgit
1.5.6.2
gitgit
1.5.6.3
gitgit
1.5.6.4
gitgit
1.5.6.5
gitgit
1.5.6.6
gitgit
1.5.6.6:rc0
gitgit
1.5.6.6:rc2
gitgit
1.5.6.6:rc3
gitgit
1.6.0
gitgit
1.6.0:rc1
gitgit
1.6.0:rc2
gitgit
1.6.0:rc3
gitgit
1.6.0.1
gitgit
1.6.0.2
gitgit
1.6.0.3
gitgit
1.6.0.4
gitgit
1.6.0.5
gitgit
1.6.0.6
gitgit
1.6.1
gitgit
1.6.1:rc1
gitgit
1.6.1:rc2
gitgit
1.6.1:rc3
gitgit
1.6.1:rc4
gitgit
1.6.1.4
gitgit
1.6.2
gitgit
1.6.2:rc1
gitgit
1.6.2.1
gitgit
1.6.2.2
gitgit
1.6.2.3
gitgit
1.6.2.4
gitgit
1.6.2.5
gitgit
1.6.3
gitgit
1.6.3:rc1
gitgit
1.6.3:rc2
gitgit
1.6.3:rc3
gitgit
1.6.3:rc4
gitgit
1.6.3.1
gitgit
1.6.3.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
git
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
dne
karmic
dne
jaunty
dne
intrepid
dne
hardy
not-affected
dapper
not-affected
git-core
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
dne
maverick
dne
lucid
not-affected
karmic
not-affected
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://article.gmane.org/gmane.comp.version-control.git/120733
http://osvdb.org/55034
http://secunia.com/advisories/35437
http://secunia.com/advisories/35730
http://security.gentoo.org/glsa/glsa-200907-05.xml
http://thread.gmane.org/gmane.comp.version-control.git/120724
http://www.mandriva.com/security/advisories?name=MDVSA-2009:155
http://www.openwall.com/lists/oss-security/2009/06/12/1
http://www.securityfocus.com/bid/35338
http://www.securitytracker.com/id?1022398
http://www.vupen.com/english/advisories/2009/1579
https://exchange.xforce.ibmcloud.com/vulnerabilities/51083
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01045.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01056.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01126.html
https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html
http://article.gmane.org/gmane.comp.version-control.git/120733
http://osvdb.org/55034
http://secunia.com/advisories/35437
http://secunia.com/advisories/35730
http://security.gentoo.org/glsa/glsa-200907-05.xml
http://thread.gmane.org/gmane.comp.version-control.git/120724
http://www.mandriva.com/security/advisories?name=MDVSA-2009:155
http://www.openwall.com/lists/oss-security/2009/06/12/1
http://www.securityfocus.com/bid/35338
http://www.securitytracker.com/id?1022398
http://www.vupen.com/english/advisories/2009/1579
https://exchange.xforce.ibmcloud.com/vulnerabilities/51083
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01045.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01056.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01126.html
https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html