Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2016-10128

Published: 24/03/2017 Updated: 28/03/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Libgit2 Project

Vulnerability Summary

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 prior to 0.24.6 and 0.25.x prior to 0.25.1 allows remote malicious users to have unspecified impact via a crafted non-flush packet.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libgit2 project libgit2 0.25.0

libgit2 project libgit2

Vendor Advisories

Debian CVElist Bug Report Logs: libgit2: CVE-2016-10128 CVE-2016-10129 CVE-2016-10130
Debian Bug report logs - #851406 libgit2: CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 Package: src:libgit2; Maintainer for src:libgit2 is Russell Sim <russellsim@gmailcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 14 Jan 2017 15:54:05 UTC Severity: important Tags: confirmed, jessie, patch, ...
Arch Linux Issues:
Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line` The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself Not checking this may result in a buffer overfl ...

References

CWE-119https://libgit2.github.com/security/https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2http://www.openwall.com/lists/oss-security/2017/01/11/6http://www.openwall.com/lists/oss-security/2017/01/10/5http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.htmlhttp://lists.opensuse.org/opensuse-updates/2017-02/msg00036.htmlhttp://lists.opensuse.org/opensuse-updates/2017-02/msg00030.htmlhttp://www.securityfocus.com/bid/95338https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851406https://nvd.nist.govhttps://security.archlinux.org/CVE-2016-10128
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook