rpm package
suse/libgit2&distro=SUSE Linux Enterprise Module for Development Tools 15
pkg:rpm/suse/libgit2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17456 | — | < 0.26.8-3.8.1 | 0.26.8-3.8.1 | Oct 6, 2018 | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a ' | ||
| CVE-2018-15501 | — | < 0.26.6-3.5.2 | 0.26.6-3.5.2 | Aug 18, 2018 | In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. | ||
| CVE-2018-10888 | — | < 0.26.6-3.5.2 | 0.26.6-3.5.2 | Jul 10, 2018 | A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. | ||
| CVE-2018-10887 | — | < 0.26.6-3.5.2 | 0.26.6-3.5.2 | Jul 10, 2018 | A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacke | ||
| CVE-2018-11235 | — | < 0.26.6-3.5.2 | 0.26.6-3.5.2 | May 30, 2018 | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm |
- CVE-2018-17456Oct 6, 2018affected < 0.26.8-3.8.1fixed 0.26.8-3.8.1
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '
- CVE-2018-15501Aug 18, 2018affected < 0.26.6-3.5.2fixed 0.26.6-3.5.2
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
- CVE-2018-10888Jul 10, 2018affected < 0.26.6-3.5.2fixed 0.26.6-3.5.2
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
- CVE-2018-10887Jul 10, 2018affected < 0.26.6-3.5.2fixed 0.26.6-3.5.2
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacke
- CVE-2018-11235May 30, 2018affected < 0.26.6-3.5.2fixed 0.26.6-3.5.2
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-subm