Critical severity9.8NVD Advisory· Published Apr 8, 2016· Updated May 6, 2026

CVE-2016-2324

Description

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Affected products

SUSE S.A./Linux Enterprise Software Development Kit3 versions
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server2 versions
cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
Git/Git
cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*
Range: <=2.7.3
SUSE S.A./Linux Enterprise Debuginfo
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
SUSE S.A./Openstack Cloud
cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*
OpenSUSE/Leap
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60nvdPatchThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.htmlnvdMailing ListVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.htmlnvdMailing ListVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.htmlnvdMailing ListVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.htmlnvdMailing ListVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.htmlnvdMailing ListVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.htmlnvdMailing ListVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.htmlnvdMailing ListVendor Advisory
lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.htmlnvdMailing ListVendor Advisory
lists.opensuse.org/opensuse-updates/2016-04/msg00011.htmlnvdMailing ListVendor Advisory
pastebin.com/UX2P2jjgnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-0496.htmlnvdThird Party Advisory
www.debian.org/security/2016/dsa-3521nvdThird Party Advisory
www.openwall.com/lists/oss-security/2016/03/15/5nvdMailing ListThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlnvdThird Party Advisory
www.securityfocus.com/bid/84355nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1035290nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2938-1nvdThird Party Advisory
raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txtnvdVendor Advisory
security.gentoo.org/glsa/201605-01nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.018
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000