Integer overflow in Git prior to 2.7.4 allows remote malicious users to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

| Vulnerable Product |
|---|
| suse openstack cloud 5 |
| suse linux enterprise software development kit 12 |
| suse linux enterprise software development kit 12.0 |
| suse linux enterprise server 12.0 |
| suse linux enterprise software development kit 11 |
| suse linux enterprise debuginfo 11 |
| opensuse leap 42.1 |
| opensuse opensuse 13.2 |
| suse suse linux enterprise server 12 |
| git-scm git |

If you're running below version 2.8.0, you're at risk
Updated: A chap who found two serious security bugs in Git servers and clients has urged people to patch their software. The flaws are present in Git including the 2.x, 1.9 and 1.7 branches, meaning the vulnerabilities have been lurking in the open-source version control tool for years. It is possible these two programming blunders can be potentially exploited to corrupt memory or execute malicious code on remote servers and clients. To do so, an attacker would have to craft a Git repository with...