CVE-2016-8568

CVE-2016-8568

Name

CVE-2016-8568

Description

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Third Party Advisory	http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html
Third Party Advisory	http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html
Third Party Advisory	http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html
Third Party Advisory	http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html
Mailing List	http://www.openwall.com/lists/oss-security/2016/10/08/7
Third Party Advisory	http://www.securityfocus.com/bid/93466
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1383211
Issue Tracking	https://github.com/libgit2/libgit2/issues/3936
Issue Tracking	https://github.com/libgit2/libgit2/releases/tag/v0.24.3
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/

Type

URI

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html

Mailing List

http://www.openwall.com/lists/oss-security/2016/10/08/7

Third Party Advisory

http://www.securityfocus.com/bid/93466

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1383211

Issue Tracking

https://github.com/libgit2/libgit2/issues/3936

Issue Tracking

https://github.com/libgit2/libgit2/releases/tag/v0.24.3

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:fedoraproject:fedora:23:::::::*`	fedora	== None	== 23
`cpe:2.3:o:fedoraproject:fedora:24:::::::*`	fedora	== None	== 24
`cpe:2.3:o:fedoraproject:fedora:25:::::::*`	fedora	== None	== 25

CPE URI

Source package

Min version

Max version

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

fedora

== None

== 23

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

fedora

== None

== 24

cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

fedora

== None

== 25

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libgit2-1.0	edge-community	0.24.3-r0	None	fixed
libgit2	edge-community	0.24.3-r0	None	fixed
libgit2-1.1	edge-community	0.24.3-r0	None	fixed
libgit2-1.5	edge-community	0.24.3-r0	None	fixed
libgit2	3.22-community	0.24.3-r0	None	fixed
libgit2	3.21-community	0.24.3-r0	None	fixed
libgit2	3.20-community	0.24.3-r0	None	fixed
libgit2	3.19-community	0.24.3-r0	None	fixed
libgit2	3.18-community	0.24.3-r0	None	fixed
libgit2	3.17-community	0.24.3-r0	None	fixed
libgit2	3.11-main	0.24.3-r0	None	fixed
libgit2	3.10-main	0.24.3-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

libgit2-1.0

edge-community

0.24.3-r0

None

fixed

libgit2

edge-community