Skip to main content

Libgit2 CVE-2018-8098

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2018-03-14 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 14, 2018 - 00:29 nvd
MEDIUM 6.5

DescriptionNVD

Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.

AnalysisAI

Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. Affected products include: Libgit2, Debian Debian Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2018-15501 HIGH POC
7.5 Aug 18

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a craf

CVE-2016-10128 CRITICAL
9.8 Mar 24

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit

CVE-2020-12279 CRITICAL
9.8 Apr 27

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2020-12278 CRITICAL
9.8 Apr 27

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulner

CVE-2016-10129 HIGH
7.5 Mar 24

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a deni

CVE-2018-10887 HIGH
8.1 Jul 10

A flaw was found in libgit2 before version 0.27.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploi

CVE-2018-10888 MEDIUM
6.5 Jul 10

A flaw was found in libgit2 before version 0.27.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl

CVE-2018-8099 MEDIUM
6.5 Mar 14

Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26

CVE-2016-10130 MEDIUM
5.9 Mar 24

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-

CVE-2023-22742 MEDIUM
5.9 Jan 20

libgit2 is a cross-platform, linkable library implementation of Git. Rated medium severity (CVSS 5.9), this vulnerabilit

CVE-2016-8569 MEDIUM
5.5 Feb 03

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NUL

CVE-2016-8568 MEDIUM
5.5 Feb 03

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (

Share

CVE-2018-8098 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy