Skip to main content

Libgit2

13 CVEs product

Monthly

CVE-2023-22742 Cargo MEDIUM PATCH This Month

libgit2 is a cross-platform, linkable library implementation of Git. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Jwt Attack Libgit2
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-12279 CRITICAL PATCH Act Now

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-12278 CRITICAL PATCH Act Now

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.1%
CVE-2018-15501 HIGH POC PATCH This Week

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Debian Linux Libgit2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2018-10888 MEDIUM PATCH This Month

A flaw was found in libgit2 before version 0.27.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-10887 HIGH PATCH This Week

A flaw was found in libgit2 before version 0.27.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
2.1%
CVE-2018-8099 MEDIUM PATCH This Month

Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2018-8098 MEDIUM PATCH This Month

Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2016-10130 MEDIUM PATCH This Month

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Libgit2
NVD GitHub
CVSS 3.0
5.9
EPSS
1.1%
CVE-2016-10129 HIGH PATCH This Week

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libgit2
NVD GitHub
CVSS 3.0
7.5
EPSS
4.8%
CVE-2016-10128 CRITICAL PATCH Act Now

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libgit2
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2016-8569 MEDIUM PATCH This Month

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libgit2 Fedora Leap +2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-8568 MEDIUM PATCH This Month

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Fedora Leap +3
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

libgit2 is a cross-platform, linkable library implementation of Git. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Jwt Attack Libgit2
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libgit2 Debian Linux
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Libgit2 Debian Linux
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Debian Linux +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in libgit2 before version 0.27.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgit2 Debian Linux
NVD GitHub
EPSS 2% CVSS 8.1
HIGH PATCH This Week

A flaw was found in libgit2 before version 0.27.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgit2 Debian Linux
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgit2 Debian Linux
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Libgit2
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libgit2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libgit2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libgit2 +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +5
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy