Published: 14/10/2017 Updated: 02/05/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Git up to and including 2.14.2 mishandles layers of tree objects, which allows remote malicious users to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.

Vulnerable Product	Search on Vulmon	Subscribe to Product
git-scm git
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04
canonical ubuntu linux 18.10
canonical ubuntu linux 14.04

Several security issues were fixed in Git ...

Mishandling layers of tree objectsGit through 2142 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data str ...

Git through 2142 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to ...

CWE-400 https://kate.io/blog/git-bomb/https://github.com/Katee/git-bomb https://usn.ubuntu.com/3829-1/http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html https://usn.ubuntu.com/3829-1/https://nvd.nist.gov

CVE-2017-15298

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect