CVE-2018-10888
Summary
| CVE | CVE-2018-10888 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2018-07-10 14:29:00 UTC |
|---|
| Updated | 2023-11-07 02:51:00 UTC |
|---|
| Description | A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Release libgit2 v0.27.3 · libgit2/libgit2 · GitHub |
CONFIRM |
github.com |
Patch, Release Notes, Third Party Advisory |
| 1598024 – (CVE-2018-10888) CVE-2018-10888 libgit2: an improper input validation leads to an out-of-bound read in git_delta_apply, allowing to read beyond delta limits |
CONFIRM |
bugzilla.redhat.com |
Issue Tracking, Patch, Third Party Advisory |
| [SECURITY] [DLA 2936-1] libgit2 security update |
MLIST |
lists.debian.org |
|
| [SECURITY] [DLA 1477-1] libgit2 security update |
MLIST |
lists.debian.org |
Mailing List, Third Party Advisory |
| delta: fix out-of-bounds read of delta · libgit2/libgit2@9844d38 · GitHub |
CONFIRM |
github.com |
Patch, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179136 Debian Security Update for libgit2 (DLA 2936-1)
- 501036 Alpine Linux Security Update for libgit2
- 501601 Alpine Linux Security Update for libgit2-1.0
- 502110 Alpine Linux Security Update for libgit2-1.1
