Unrated severityNVD Advisory· Published Jul 10, 2018· Updated Sep 17, 2024
CVE-2018-10887
CVE-2018-10887
Description
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
Affected products
6- osv-coords5 versionspkg:rpm/opensuse/libgit2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libgit2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/libgit2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libgit2&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/libgit2&distro=SUSE%20Manager%20Server%203.2
< 1.1.1-1.2+ 4 more
- (no CPE)range: < 1.1.1-1.2
- (no CPE)range: < 0.26.6-3.5.2
- (no CPE)range: < 0.24.1-7.6.1
- (no CPE)range: < 0.24.1-7.6.1
- (no CPE)range: < 0.24.1-7.6.1
- libgit2/libgit2v5Range: before version 0.27.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
- github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2amitrex_refsource_CONFIRM
- github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22mitrex_refsource_CONFIRM
- github.com/libgit2/libgit2/releases/tag/v0.27.3mitrex_refsource_CONFIRM
- lists.debian.org/debian-lts-announce/2018/08/msg00024.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2022/03/msg00031.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.