Skip to main content

Libgit2 CVE-2016-8569

MEDIUM
NULL Pointer Dereference (CWE-476)
2017-02-03 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 03, 2017 - 15:59 cve.org
MEDIUM 5.5

DescriptionCVE.org

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

AnalysisAI

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Affected products include: Libgit2 Project Libgit2, Fedoraproject Fedora, Opensuse Leap, Opensuse, Suse Linux Enterprise. Version information: before 0.24.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2018-15501 HIGH POC
7.5 Aug 18

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a craf

CVE-2016-10128 CRITICAL
9.8 Mar 24

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit

CVE-2020-12279 CRITICAL
9.8 Apr 27

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2020-12278 CRITICAL
9.8 Apr 27

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2016-10129 HIGH
7.5 Mar 24

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a deni

CVE-2018-10887 HIGH
8.1 Jul 10

A flaw was found in libgit2 before version 0.27.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploi

CVE-2018-10888 MEDIUM
6.5 Jul 10

A flaw was found in libgit2 before version 0.27.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl

CVE-2018-8099 MEDIUM
6.5 Mar 14

Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26

CVE-2018-8098 MEDIUM
6.5 Mar 14

Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v

CVE-2016-10130 MEDIUM
5.9 Mar 24

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-

CVE-2023-22742 MEDIUM
5.9 Jan 20

libgit2 is a cross-platform, linkable library implementation of Git. Rated medium severity (CVSS 5.9), this vulnerabilit

CVE-2016-8568 MEDIUM
5.5 Feb 03

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (

Share

CVE-2016-8569 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy