CVE-2018-15501

Published: Aug 18, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406

x_refsource_MISC

https://github.com/libgit2/libgit2/releases/tag/v0.27.4

x_refsource_MISC

https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html

x_refsource_MISC

https://bugzilla.suse.com/show_bug.cgi?id=1104641

x_refsource_MISC

[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update

mailing-list

x_refsource_MLIST

https://github.com/libgit2/libgit2/releases/tag/v0.26.6

x_refsource_MISC

https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649

x_refsource_MISC

[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-15501

Description

Affected Products

References