Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2008-3546

Published: 07/08/2008 Updated: 11/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Parduslinux

Vulnerability Summary

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT prior to 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

Vulnerable Product Search on Vulmon Subscribe to Product

git git 1.5.5.3

git git 1.5.5.4

git git 1.5.6.3

git git 1.5.6.1

git git 1.5.6.2

Vendor Advisories

Ubuntu Security Notice: git-core vulnerabilities
It was discovered that Git did not properly handle long file paths If a user were tricked into performing commands on a specially crafted Git repository, an attacker could possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2008-3546) ...
Debian Security Advisories: DSA-1637-1 git-core -- buffer overflow
Multiple vulnerabilities have been identified in git-core, the core of the git distributed revision control system Improper path length limitations in git's diff and grep functions, in combination with maliciously crafted repositories or changes, could enable a stack buffer overflow and potentially the execution of arbitrary code The Common Vulne ...

References

CWE-119http://kerneltrap.org/mailarchive/git/2008/7/16/2529284http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txthttp://www.securityfocus.com/bid/30549http://www.securitytracker.com/id?1020627http://secunia.com/advisories/31347http://wiki.rpath.com/Advisories:rPSA-2008-0253https://issues.rpath.com/browse/RPL-2707http://www.debian.org/security/2008/dsa-1637http://secunia.com/advisories/31780http://secunia.com/advisories/32029http://security.gentoo.org/glsa/glsa-200809-16.xmlhttps://www.redhat.com/archives/fedora-package-announce/2008-October/msg00729.htmlhttp://secunia.com/advisories/32384http://secunia.com/advisories/33964http://www.ubuntu.com/usn/USN-723-1http://www.vupen.com/english/advisories/2008/2306https://exchange.xforce.ibmcloud.com/vulnerabilities/44217http://www.securityfocus.com/archive/1/495391/100/0/threadedhttps://usn.ubuntu.com/723-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook