Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2016-2315

Published: 08/04/2016 Updated: 21/06/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Suse

Vulnerability Summary

revision.c in git prior to 2.7.4 uses an incorrect integer data type, which allows remote malicious users to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

suse openstack cloud 5

suse linux enterprise software development kit 12

suse linux enterprise server 12

suse linux enterprise software development kit 11

suse linux enterprise debuginfo 11

opensuse leap 42.1

opensuse opensuse 13.2

suse suse linux enterprise server 12

git-scm git 2.7.3

Vendor Advisories

Debian CVElist Bug Report Logs: git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE
Debian Bug report logs - #818318 git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE Package: git; Maintainer for git is Gerrit Pape <pape@smardenorg>; Source for git is src:git (PTS, buildd, popcon) Reported by: Ximin Luo <infinity0@debianorg> Date: Tue, 15 Mar 2016 21:18:01 UTC Sev ...
Ubuntu Security Notice: git vulnerabilities
Git could be made to crash or run programs as your login if it received changes from a specially crafted remote repository ...
Debian Security Advisories: DSA-3521-1 git -- security update
Lael Cellier discovered two buffer overflow vulnerabilities in git, a fast, scalable, distributed revision control system, which could be exploited for remote execution of arbitrary code For the oldstable distribution (wheezy), these problems have been fixed in version 1:17104-1+wheezy3 For the stable distribution (jessie), these problems have ...
Amazon Linux AMI: ALAS-2016-672
An integer truncation flaw (CVE-2016-2315) and an integer overflow flaw (CVE-2016-2324), both leading to a heap-based buffer overflow, were found in the way Git processed certain path information A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code ...

Recent Articles

Get ready to patch Git servers, clients – nasty-looking bugs surface
The Register • Chris Williams, Editor in Chief • 16 Mar 2016

If you're running below version 2.8.0, you're at risk

Updated A chap who found two serious security bugs in Git servers and clients has urged people to patch their software. The flaws are present in Git including the 2.x, 1.9 and 1.7 branches, meaning the vulnerabilities have been lurking in the open-source version control tool for years. It is possible these two programming blunders can be potentially exploited to corrupt memory or execute malicious code on remote servers and clients. To do so, an attacker would have to craft a Git repository with...

Read more...

References

CWE-119https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txthttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.htmlhttps://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60http://pastebin.com/UX2P2jjghttp://www.openwall.com/lists/oss-security/2016/03/15/5http://www.securitytracker.com/id/1035290http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.htmlhttps://security.gentoo.org/glsa/201605-01http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.securityfocus.com/bid/84355http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.htmlhttp://www.ubuntu.com/usn/USN-2938-1http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.htmlhttp://www.debian.org/security/2016/dsa-3521http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.htmlhttp://lists.opensuse.org/opensuse-updates/2016-04/msg00011.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0496.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818318https://usn.ubuntu.com/2938-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook