Debian 9 Stretch DLA-2936-1 Critical: Libgit2 Denial Of Service

debian lts
March 21, 2022
Serious flaws found in libgit2 necessitate urgent patches to avert service disruptions and possible execution of arbitrary code.
Multiple vulnerabilities were found in libgit2, a low-level Git library. They are as follows:

Summary

CVE-2018-8098

Integer overflow in the index.c:read_entry() function while
decompressing a compressed prefix length in libgit2 before
v0.26.2 allows an attacker to cause a denial of service
(out-of-bounds read) via a crafted repository index file.

CVE-2018-8099

Incorrect returning of an error code in the index.c:read_entry()
function leads to a double free in libgit2 before v0.26.2, which
allows an attacker to cause a denial of service via a crafted
repository index file.

CVE-2018-10887

It has been discovered that an unexpected sign extension in the
git_delta_apply function in delta-apply.c may lead to an integer
overflow, which in turn leads to an out-of-bounds read, allowing a
read before the base object. An attacker may use this flaw to leak
memory addresses or cause a denial of service.

CVE-2018-10888

A missing check in the git_delta_apply function in delta-apply.c
may lead to an out-of-bounds read while reading a binary delta file.
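
As an added defensive illustration (not libgit2's or Debian's code), the C snippet below shows the class of check that the index.c:read_entry() issues above call for: a git-style varint decoder that refuses truncated or overflowing input, and a prefix-compression step that rejects a strip length longer than the previous path instead of reading out of bounds. The varint layout assumed here (7 data bits per byte, high bit as continuation, +1 per continuation byte) is git's documented index-v4 encoding; the function names and sample inputs are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode a git-style variable-length integer: 7 data bits per byte, high bit
 * set on every byte except the last, and +1 added per continuation byte (the
 * encoding used for the "strip" length of index-v4 compressed paths).
 * Never reads past buf + len; fails on truncation or accumulator overflow. */
bool decode_varint_checked(const uint8_t *buf, size_t len,
                           uint64_t *out, size_t *consumed)
{
    size_t i = 0;
    if (len == 0) return false;                /* nothing to read */
    uint8_t c = buf[i++];
    uint64_t val = c & 0x7f;
    while (c & 0x80) {
        if (i >= len) return false;            /* truncated input */
        val += 1;
        /* val is about to be shifted left by 7: its top 7 bits must be clear
         * (and val must not have wrapped to 0) or the shift overflows. */
        if (val == 0 || (val >> 57) != 0) return false;
        c = buf[i++];
        val = (val << 7) + (c & 0x7f);
    }
    *out = val;
    *consumed = i;
    return true;
}

/* Rebuild a path from the previous entry's path, a decoded strip length and
 * the new suffix. A strip longer than prev_len would yield a negative keep
 * length and index before the buffer; it is rejected instead. */
bool apply_prefix_compression(const char *prev, size_t prev_len, uint64_t strip,
                              const char *suffix, size_t suffix_len,
                              char *out, size_t out_cap)
{
    if (strip > prev_len) return false;        /* would read before prev */
    size_t keep = prev_len - (size_t)strip;
    if (keep >= out_cap || suffix_len >= out_cap - keep)
        return false;                          /* result plus NUL would not fit */
    memcpy(out, prev, keep);
    memcpy(out + keep, suffix, suffix_len);
    out[keep + suffix_len] = '\0';
    return true;
}
```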

Severity: critical

Package: libgit2
Version: 0.25.1+really0.24.6-1+deb9u1
CVE ID: CVE-2018-8098 CVE-2018-8099 CVE-2018-10887 CVE-2018-10888
Debian Bug: 892961 892962 903508 903509
