CVE-2018-15501
Summary
| CVE | CVE-2018-15501 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2018-08-18 02:29:00 UTC |
|---|
| Updated | 2022-05-11 20:59:00 UTC |
|---|
| Description | In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Bug 1104641 – VUL-0: CVE-2018-15501: libgit2: out-of-bounds reads when processing smart-protocol "ng" packets |
MISC |
bugzilla.suse.com |
Issue Tracking, Patch, Third Party Advisory |
| [SECURITY] [DLA 2936-1] libgit2 security update |
MLIST |
lists.debian.org |
|
| [SECURITY] [DLA 1477-1] libgit2 security update |
MLIST |
lists.debian.org |
Mailing List, Third Party Advisory |
| Sicherheit: Denial of Service in libgit2 - Pro-Linux |
MISC |
www.pro-linux.de |
Third Party Advisory |
| 9406 -
oss-fuzz -
OSS-Fuzz: Fuzzing the planet -
Monorail |
MISC |
bugs.chromium.org |
Third Party Advisory |
| Release libgit2 v0.27.4 · libgit2/libgit2 · GitHub |
MISC |
github.com |
Third Party Advisory |
| Release libgit2 v0.26.6 · libgit2/libgit2 · GitHub |
MISC |
github.com |
Third Party Advisory |
| smart_pkt: fix potential OOB-read when processing ng packet · libgit2/libgit2@1f9a851 · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179136 Debian Security Update for libgit2 (DLA 2936-1)
- 501037 Alpine Linux Security Update for libgit2
- 501602 Alpine Linux Security Update for libgit2-1.0
- 502111 Alpine Linux Security Update for libgit2-1.1
