Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libgit2_project | libgit2 | * |
| libgit2_project | libgit2 | 0.25.0 |
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libgit2_project | libgit2 | * |
| libgit2_project | libgit2 | 0.25.0 |
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libgit2_project | libgit2 | * |
| libgit2_project | libgit2 | 0.25.0 |
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| fedoraproject | fedora | 25 |
| libgit2_project | libgit2 | * |
| suse | linux_enterprise | 12.0 |
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 23 |
| opensuse | leap | 42.2 |
| opensuse | leap | 42.1 |
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 13.2 |
| fedoraproject | fedora | 25 |
| libgit2_project | libgit2 | * |
| suse | linux_enterprise | 12.0 |
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 23 |
| opensuse | leap | 42.2 |
| opensuse | leap | 42.1 |