Published: 10/07/2018 Updated: 15/02/2024

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libgit2 libgit2
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #903509 libgit2: CVE-2018-10887: integer overflow leads to out-of-bounds read in git_delta_apply, allowing to read before base array Package: src:libgit2; Maintainer for src:libgit2 is Russell Sim <russellsim@gmailcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 10 Jul ...

CWE-125 CWE-190 CWE-681 https://github.com/libgit2/libgit2/releases/tag/v0.27.3 https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22 https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a https://bugzilla.redhat.com/show_bug.cgi?id=1598021 https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903509 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-10887

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect