Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for libgit2 by libgit2_project
CVE-2016-10130 (GCVE-0-2016-10130)
Vulnerability from nvd – Published: 2017-03-24 15:00 – Updated: 2024-08-06 03:14
VLAI
Summary
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://libgit2.github.com/security/ | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/01/10/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/11/6 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/95359 | vdb-entryx_refsource_BID |
| https://github.com/libgit2/libgit2/commit/9a64e62… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| https://github.com/libgit2/libgit2/commit/b5c6a1b… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2017-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:41.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libgit2.github.com/security/"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "95359",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95359"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-27T09:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libgit2.github.com/security/"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "95359",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95359"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-10130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://libgit2.github.com/security/",
"refsource": "CONFIRM",
"url": "https://libgit2.github.com/security/"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "95359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95359"
},
{
"name": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22"
},
{
"name": "openSUSE-SU-2017:0397",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211"
},
{
"name": "openSUSE-SU-2017:0484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-10130",
"datePublished": "2017-03-24T15:00:00.000Z",
"dateReserved": "2017-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:41.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10129 (GCVE-0-2016-10129)
Vulnerability from nvd – Published: 2017-03-24 15:00 – Updated: 2024-08-06 03:14
VLAI
Summary
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://libgit2.github.com/security/ | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/commit/2fdef64… | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/commit/84d30d5… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/01/10/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/11/6 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/95339 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2017-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:41.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libgit2.github.com/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "95339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95339"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-27T09:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libgit2.github.com/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "95339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95339"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-10129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://libgit2.github.com/security/",
"refsource": "CONFIRM",
"url": "https://libgit2.github.com/security/"
},
{
"name": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a"
},
{
"name": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "95339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95339"
},
{
"name": "openSUSE-SU-2017:0484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-10129",
"datePublished": "2017-03-24T15:00:00.000Z",
"dateReserved": "2017-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:41.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10128 (GCVE-0-2016-10128)
Vulnerability from nvd – Published: 2017-03-24 15:00 – Updated: 2024-08-06 03:14
VLAI
Summary
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95338 | vdb-entryx_refsource_BID |
| https://libgit2.github.com/security/ | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/commit/66e3774… | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/commit/4ac39c7… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/01/10/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/11/6 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2017-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95338"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libgit2.github.com/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-27T09:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "95338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95338"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libgit2.github.com/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-10128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95338"
},
{
"name": "https://libgit2.github.com/security/",
"refsource": "CONFIRM",
"url": "https://libgit2.github.com/security/"
},
{
"name": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834"
},
{
"name": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "openSUSE-SU-2017:0484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-10128",
"datePublished": "2017-03-24T15:00:00.000Z",
"dateReserved": "2017-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:42.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8569 (GCVE-0-2016-8569)
Vulnerability from nvd – Published: 2017-02-03 15:00 – Updated: 2024-08-06 02:27
VLAI
Summary
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1383211 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/93465 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2016/10/08/7 | mailing-listx_refsource_MLIST |
| https://github.com/libgit2/libgit2/issues/3937 | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/releases/tag/v0.24.3 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-1… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Date Public
2016-09-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"name": "93465",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93465"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/issues/3937"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-03T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"name": "93465",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93465"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/issues/3937"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"name": "93465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93465"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"name": "https://github.com/libgit2/libgit2/issues/3937",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/issues/3937"
},
{
"name": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8569",
"datePublished": "2017-02-03T15:00:00.000Z",
"dateReserved": "2016-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:40.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8568 (GCVE-0-2016-8568)
Vulnerability from nvd – Published: 2017-02-03 15:00 – Updated: 2024-08-06 02:27
VLAI
Summary
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1383211 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://github.com/libgit2/libgit2/issues/3936 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/10/08/7 | mailing-listx_refsource_MLIST |
| https://github.com/libgit2/libgit2/releases/tag/v0.24.3 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-1… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/93466 | vdb-entryx_refsource_BID |
Date Public
2016-09-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/issues/3936"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
},
{
"name": "93466",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-03T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/issues/3936"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
},
{
"name": "93466",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"name": "https://github.com/libgit2/libgit2/issues/3936",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/issues/3936"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"name": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
},
{
"name": "93466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8568",
"datePublished": "2017-02-03T15:00:00.000Z",
"dateReserved": "2016-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:40.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10129 (GCVE-0-2016-10129)
Vulnerability from cvelistv5 – Published: 2017-03-24 15:00 – Updated: 2024-08-06 03:14
VLAI
Summary
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://libgit2.github.com/security/ | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/commit/2fdef64… | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/commit/84d30d5… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/01/10/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/11/6 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/95339 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2017-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:41.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libgit2.github.com/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "95339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95339"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-27T09:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libgit2.github.com/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "95339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95339"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-10129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://libgit2.github.com/security/",
"refsource": "CONFIRM",
"url": "https://libgit2.github.com/security/"
},
{
"name": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a"
},
{
"name": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "95339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95339"
},
{
"name": "openSUSE-SU-2017:0484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-10129",
"datePublished": "2017-03-24T15:00:00.000Z",
"dateReserved": "2017-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:41.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10130 (GCVE-0-2016-10130)
Vulnerability from cvelistv5 – Published: 2017-03-24 15:00 – Updated: 2024-08-06 03:14
VLAI
Summary
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://libgit2.github.com/security/ | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/01/10/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/11/6 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/95359 | vdb-entryx_refsource_BID |
| https://github.com/libgit2/libgit2/commit/9a64e62… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| https://github.com/libgit2/libgit2/commit/b5c6a1b… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2017-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:41.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libgit2.github.com/security/"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "95359",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95359"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-27T09:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libgit2.github.com/security/"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "95359",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95359"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-10130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://libgit2.github.com/security/",
"refsource": "CONFIRM",
"url": "https://libgit2.github.com/security/"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "95359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95359"
},
{
"name": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22"
},
{
"name": "openSUSE-SU-2017:0397",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211"
},
{
"name": "openSUSE-SU-2017:0484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-10130",
"datePublished": "2017-03-24T15:00:00.000Z",
"dateReserved": "2017-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:41.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10128 (GCVE-0-2016-10128)
Vulnerability from cvelistv5 – Published: 2017-03-24 15:00 – Updated: 2024-08-06 03:14
VLAI
Summary
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95338 | vdb-entryx_refsource_BID |
| https://libgit2.github.com/security/ | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/commit/66e3774… | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/commit/4ac39c7… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2017/01/10/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2017/01/11/6 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
Date Public
2017-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95338"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://libgit2.github.com/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-27T09:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "95338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95338"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://libgit2.github.com/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "openSUSE-SU-2017:0484",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-10128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95338"
},
{
"name": "https://libgit2.github.com/security/",
"refsource": "CONFIRM",
"url": "https://libgit2.github.com/security/"
},
{
"name": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834"
},
{
"name": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2"
},
{
"name": "[oss-security] 20170110 CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/10/5"
},
{
"name": "[oss-security] 20170110 Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/11/6"
},
{
"name": "openSUSE-SU-2017:0397",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html"
},
{
"name": "openSUSE-SU-2017:0405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html"
},
{
"name": "openSUSE-SU-2017:0484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-10128",
"datePublished": "2017-03-24T15:00:00.000Z",
"dateReserved": "2017-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:42.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8568 (GCVE-0-2016-8568)
Vulnerability from cvelistv5 – Published: 2017-02-03 15:00 – Updated: 2024-08-06 02:27
VLAI
Summary
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1383211 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://github.com/libgit2/libgit2/issues/3936 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/10/08/7 | mailing-listx_refsource_MLIST |
| https://github.com/libgit2/libgit2/releases/tag/v0.24.3 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-1… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/93466 | vdb-entryx_refsource_BID |
Date Public
2016-09-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/issues/3936"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
},
{
"name": "93466",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93466"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-03T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/issues/3936"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
},
{
"name": "93466",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93466"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"name": "https://github.com/libgit2/libgit2/issues/3936",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/issues/3936"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"name": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
},
{
"name": "93466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93466"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8568",
"datePublished": "2017-02-03T15:00:00.000Z",
"dateReserved": "2016-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:40.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8569 (GCVE-0-2016-8569)
Vulnerability from cvelistv5 – Published: 2017-02-03 15:00 – Updated: 2024-08-06 02:27
VLAI
Summary
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1383211 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/93465 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2016/10/08/7 | mailing-listx_refsource_MLIST |
| https://github.com/libgit2/libgit2/issues/3937 | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/releases/tag/v0.24.3 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-1… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-0… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Date Public
2016-09-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"name": "93465",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93465"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/issues/3937"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-03T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"name": "93465",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93465"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/issues/3937"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
},
{
"name": "FEDORA-2016-616a35205b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
},
{
"name": "93465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93465"
},
{
"name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
},
{
"name": "https://github.com/libgit2/libgit2/issues/3937",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/issues/3937"
},
{
"name": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
},
{
"name": "openSUSE-SU-2016:3097",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
},
{
"name": "FEDORA-2016-505d7fe198",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
},
{
"name": "openSUSE-SU-2017:0208",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
},
{
"name": "openSUSE-SU-2017:0195",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8569",
"datePublished": "2017-02-03T15:00:00.000Z",
"dateReserved": "2016-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:40.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}