Skip to main content

Libgit2 CVE-2016-10128

CRITICAL
Buffer Overflow (CWE-119)
2017-03-24 security@debian.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 24, 2017 - 15:59 cve.org
CRITICAL 9.8

DescriptionCVE.org

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.

AnalysisAI

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. Affected products include: Libgit2 Project Libgit2. Version information: before 0.24.6.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2018-15501 HIGH POC
7.5 Aug 18

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a craf

CVE-2020-12279 CRITICAL
9.8 Apr 27

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2020-12278 CRITICAL
9.8 Apr 27

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2016-10129 HIGH
7.5 Mar 24

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a deni

CVE-2018-10887 HIGH
8.1 Jul 10

A flaw was found in libgit2 before version 0.27.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploi

CVE-2018-10888 MEDIUM
6.5 Jul 10

A flaw was found in libgit2 before version 0.27.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl

CVE-2018-8099 MEDIUM
6.5 Mar 14

Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26

CVE-2018-8098 MEDIUM
6.5 Mar 14

Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v

CVE-2016-10130 MEDIUM
5.9 Mar 24

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-

CVE-2023-22742 MEDIUM
5.9 Jan 20

libgit2 is a cross-platform, linkable library implementation of Git. Rated medium severity (CVSS 5.9), this vulnerabilit

CVE-2016-8569 MEDIUM
5.5 Feb 03

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NUL

CVE-2016-8568 MEDIUM
5.5 Feb 03

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (

Share

CVE-2016-10128 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy