Описание
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_index_add can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the has_dir_name function in src/libgit2/index.c, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.
A flaw was found in libgit2, a cross-platform, linkable library implementation of Git. A specially crafted payload to git_index_add can cause heap corruption that could be leveraged for arbitrary code execution. The attacker must be able to trigger two consecutive calls to git_index_add with a filename that starts with a / character to exploit this vulnerability. To control the heap corruption, the attacker must be able to control the ctime field of the git_index_entry data structure.
Отчет
Cargo in Red Hat Enterprise Linux 8 & 9 does use a bundled libgit2. However, cargo does not call git_index_add directly, and the only indirect call I can find is via git_reset, which does not involve any externally-provided paths. Therefore, Red Hat Enterprise Linux should be Not Affected by this CVE.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Developer Tools | rust-toolset-1.66-rust | Not affected | ||
| Red Hat Enterprise Linux 7 | libgit2 | Not affected | ||
| Red Hat Enterprise Linux 8 | libgit2 | Not affected | ||
| Red Hat Enterprise Linux 8 | rust-toolset:rhel8/rust | Not affected | ||
| Red Hat Enterprise Linux 9 | rust | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.
libgit2 is a portable C implementation of the Git core methods provide ...
EPSS
9.8 Critical
CVSS3