Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libgit2 libgit2 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-8098
Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an malicious user to cause a denial of service (out-of-bounds read) via a crafted repository index file.
Libgit2 Libgit2
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2018-8099
Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an malicious user to cause a denial of service via a crafted repository index file.
Libgit2 Libgit2
Debian Debian Linux 9.0
5.9
CVSSv3
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2&...
Libgit2 Libgit2
Libgit2 Libgit2 1.5.0
5.9
CVSSv3
CVE-2016-10130
The http_connect function in transports/http.c in libgit2 prior to 0.24.6 and 0.25.x prior to 0.25.1 might allow man-in-the-middle malicious users to spoof servers by leveraging clobbering of the error variable.
Libgit2 Project Libgit2
Libgit2 Project Libgit2 0.25.0
5.5
CVSSv3
CVE-2016-8569
The git_oid_nfmt function in commit.c in libgit2 prior to 0.24.3 allows remote malicious users to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
Libgit2 Project Libgit2
Fedoraproject Fedora 25
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Suse Linux Enterprise 12.0
Opensuse Leap 42.2
Opensuse Leap 42.1
Opensuse Opensuse 13.2
5.5
CVSSv3
CVE-2016-8568
The git_commit_message function in oid.c in libgit2 prior to 0.24.3 allows remote malicious users to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
Fedoraproject Fedora 25
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Suse Linux Enterprise 12.0
Opensuse Leap 42.2
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Libgit2 Project Libgit2
NA
CVE-2017-5338
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
NA
CVE-2017-5339
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2