Описание
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
The http_connect function in transports/http.c in libgit2 before 0.24. ...
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2