Back to search
CVE-2018-10887
Published: Jul 10, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
| Vendor | Product | Versions |
|---|---|---|
libgit2 | libgit2 | affected before version 0.27.3 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1598021
x_refsource_CONFIRM
[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update
mailing-list
x_refsource_MLIST
https://github.com/libgit2/libgit2/releases/tag/v0.27.3
x_refsource_CONFIRM
[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now