Описание
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | not-affected | 0.27.4+dfsg.1-0.1 |
| devel | not-affected | 0.27.4+dfsg.1-0.1 |
| disco | not-affected | 0.27.4+dfsg.1-0.1 |
| eoan | not-affected | 0.27.4+dfsg.1-0.1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 0.27.4+dfsg.1-0.1 |
| esm-apps/jammy | not-affected | 0.27.4+dfsg.1-0.1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | needed |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27. ...
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
Уязвимость функции ng_pkt компонента transports/smart_pkt.c реализации методов Git на языке C Libgit2, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2
7.5 High
CVSS3