VYPR

Libgit2

by Libgit2 Project

Source repositories

CVEs (15)

  • CVE-2016-10128CriMar 24, 2017
    risk 0.57cvss 9.8epss 0.04

    Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.

  • CVE-2018-15501HigAug 18, 2018
    risk 0.42cvss 7.5epss 0.04

    In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.

  • CVE-2016-10129HigMar 24, 2017
    risk 0.42cvss 7.5epss 0.04

    The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.

  • CVE-2016-8569MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

  • CVE-2016-8568MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

  • CVE-2016-10130MedMar 24, 2017
    risk 0.31cvss 5.9epss 0.02

    The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.

  • CVE-2024-24577Feb 6, 2024
    risk 0.00cvss epss 0.02

    libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary…

  • CVE-2024-24575Feb 6, 2024
    risk 0.00cvss epss 0.01

    libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop,…

  • CVE-2023-22742Jan 20, 2023
    risk 0.00cvss epss 0.01

    libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of…

  • CVE-2020-12278Apr 27, 2020
    risk 0.00cvss epss 0.05

    An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.

  • CVE-2020-12279Apr 27, 2020
    risk 0.00cvss epss 0.05

    An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.

  • CVE-2018-10888MedJul 10, 2018
    risk 0.00cvss 6.5epss 0.02

    A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.

  • CVE-2018-10887HigJul 10, 2018
    risk 0.00cvss 8.1epss 0.02

    A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An…

  • CVE-2018-8099MedMar 14, 2018
    risk 0.00cvss 6.5epss 0.01

    Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.

  • CVE-2018-8098MedMar 14, 2018
    risk 0.00cvss 6.5epss 0.01

    Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.