CVE-2016-2324 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
opensuse	leap	42.1
opensuse	opensuse	13.2
suse	linux_enterprise_server	12.0:sp1
suse	linux_enterprise_software_development_kit	12.0:sp1
git-scm	git	𝑥 ≤ 2.7.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

cgit

bullseye	1.2.3+git2.25.1-1 fixed
bookworm	1.2.3+git20221219.50.91f2590+git2.39.1-1 fixed
sid	1.2.3+git20240802.70.09d24d7+git2.46.0-1 fixed
trixie	1.2.3+git20240802.70.09d24d7+git2.46.0-1 fixed

git

bullseye	1:2.30.2-1+deb11u2 fixed
bullseye (security)	1:2.30.2-1+deb11u3 fixed
bookworm	1:2.39.2-1.1 fixed
bookworm (security)	1:2.39.5-0+deb12u1 fixed
trixie	1:2.45.2-1 fixed
sid	1:2.45.2-1.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

git

wily	Fixed 1:2.5.0-1ubuntu0.2 released
trusty	Fixed 1:1.9.1-1ubuntu0.3 released
precise	Fixed 1:1.7.9.5-1ubuntu0.3 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html

http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html

http://pastebin.com/UX2P2jjg

http://rhn.redhat.com/errata/RHSA-2016-0496.html

http://www.debian.org/security/2016/dsa-3521

http://www.openwall.com/lists/oss-security/2016/03/15/5

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/84355

http://www.securitytracker.com/id/1035290

http://www.ubuntu.com/usn/USN-2938-1

https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60

https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt

https://security.gentoo.org/glsa/201605-01

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html

http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html

http://pastebin.com/UX2P2jjg

http://rhn.redhat.com/errata/RHSA-2016-0496.html

http://www.debian.org/security/2016/dsa-3521

http://www.openwall.com/lists/oss-security/2016/03/15/5

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.securityfocus.com/bid/84355

http://www.securitytracker.com/id/1035290

http://www.ubuntu.com/usn/USN-2938-1

https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60

https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt

https://security.gentoo.org/glsa/201605-01