rpm package
opensuse/libgit2&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libgit2&distro=openSUSE%20Tumbleweed
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-8569 | Med | 5.5 | | < 0.24.3-1.1 | 0.24.3-1.1 | Feb 3, 2017 | The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. |
| CVE-2016-8568 | Med | 5.5 | | < 0.24.3-1.1 | 0.24.3-1.1 | Feb 3, 2017 | The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. |
| CVE-2005-4900 | Med | 5.9 | | < 1.1.1-1.2 | 1.1.1-1.2 | Oct 14, 2016 | SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of |
Page 2 of 2