In ng_pkt in transports/smart_pkt.c in libgit2 prior to 0.26.6 and 0.27.x prior to 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
libgit2 libgit2 |