CVE-2018-11233

Опубликовано: 30 мая 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
http://www.securityfocus.com/bid/104346
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040991
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2147
Third Party Advisory
https://marc.info/?l=git&m=152761328506724&w=2
Release Notes
Third Party Advisory
https://security.gentoo.org/glsa/201805-13
Third Party Advisory
https://usn.ubuntu.com/3671-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html
http://www.securityfocus.com/bid/104346
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040991
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2147
Third Party Advisory
https://marc.info/?l=git&m=152761328506724&w=2
Release Notes
Third Party Advisory
https://security.gentoo.org/glsa/201805-13
Third Party Advisory
https://usn.ubuntu.com/3671-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*

Версия до 2.13.6 (включая)

cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*

Версия от 2.14.0 (включая) до 2.14.3 (включая)

cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*

Версия от 2.15.0 (включая) до 2.15.1 (включая)

cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*

Версия от 2.16.0 (включая) до 2.16.3 (включая)

cpe:2.3:a:git-scm:git:2.17.0:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00276

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-11233

CVSS3: 7.5

ubuntu

больше 7 лет назад

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

CVE-2018-11233

CVSS3: 5.3

redhat

больше 7 лет назад

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

CVE-2018-11233

CVSS3: 7.5

debian

больше 7 лет назад

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16 ...

GHSA-f2cx-gr8r-v8wf

CVSS3: 7.5

github

больше 3 лет назад

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

openSUSE-SU-2018:1553-1

suse-cvrf

больше 7 лет назад

Security update for git

EPSS

Процентиль: 51%

0.00276

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125