CVE-2018-10888
10.07.2018, 14:29
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libgit2 | libgit2 | 𝑥 < 0.27.3 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libgit2-1_3 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libgit2-1_7 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libgit2-26 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libgit2-28 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libgit2-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libgit2-tools |
|
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.
References