Description
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.
Report
Red Hat Product Security has rated these issues as having Important security impact. For additional information, refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/2201201
Additional information
Status:
EPSS
6.8 Medium
CVSS2
Related vulnerabilities
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
Vulnerability in the Git distributed version control system that allows an attacker to execute arbitrary code