CVE-2018-15501

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
debiandebian_linux
8.0
debiandebian_linux
9.0
libgit2libgit2
𝑥
< 0.26.6
libgit2libgit2
0.27.0 ≤
𝑥
< 0.27.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgit2
bullseye (security)
1.1.0+dfsg.1-4+deb11u2
fixed
bullseye
1.1.0+dfsg.1-4+deb11u2
fixed
bookworm
1.5.1+ds-1+deb12u1
fixed
bookworm (security)
1.5.1+ds-1+deb12u1
fixed
trixie
1.8.2~rc1+ds2-1
fixed
sid
1.8.4+ds-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgit2
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
needed
xenial
needed
trusty
needed
Common Weakness Enumeration
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406
https://bugzilla.suse.com/show_bug.cgi?id=1104641
https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649
https://github.com/libgit2/libgit2/releases/tag/v0.26.6
https://github.com/libgit2/libgit2/releases/tag/v0.27.4
https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html
https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406
https://bugzilla.suse.com/show_bug.cgi?id=1104641
https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649
https://github.com/libgit2/libgit2/releases/tag/v0.26.6
https://github.com/libgit2/libgit2/releases/tag/v0.27.4
https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html
https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html