CVE-2016-10130

The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*
cpe:2.3:a:libgit2_project:libgit2:0.25.0:*:*:*:*:*:*:*
cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libgit2_project:libgit2:0.25.0:rc2:*:*:*:*:*:*

History

No history.

Information

Published : 2017-03-24 15:59

Updated : 2024-02-28 15:44


NVD link : CVE-2016-10130

Mitre link : CVE-2016-10130

CVE.ORG link : CVE-2016-10130


JSON object : View

Products Affected

libgit2_project

  • libgit2
CWE
CWE-284

Improper Access Control