CVE-2016-8568

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
References
Link Resource
http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/08/7 Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/93466 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1383211 Issue Tracking
https://github.com/libgit2/libgit2/issues/3936 Issue Tracking Patch Third Party Advisory
https://github.com/libgit2/libgit2/releases/tag/v0.24.3 Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/
http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/10/08/7 Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/93466 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1383211 Issue Tracking
https://github.com/libgit2/libgit2/issues/3936 Issue Tracking Patch Third Party Advisory
https://github.com/libgit2/libgit2/releases/tag/v0.24.3 Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:59

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html - Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html - Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html - Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html - Third Party Advisory
References () http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html - Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2016/10/08/7 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2016/10/08/7 - Mailing List, Patch, Third Party Advisory
References () http://www.securityfocus.com/bid/93466 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/93466 - Third Party Advisory, VDB Entry
References () https://bugzilla.redhat.com/show_bug.cgi?id=1383211 - Issue Tracking () https://bugzilla.redhat.com/show_bug.cgi?id=1383211 - Issue Tracking
References () https://github.com/libgit2/libgit2/issues/3936 - Issue Tracking, Patch, Third Party Advisory () https://github.com/libgit2/libgit2/issues/3936 - Issue Tracking, Patch, Third Party Advisory
References () https://github.com/libgit2/libgit2/releases/tag/v0.24.3 - Issue Tracking, Patch, Third Party Advisory () https://github.com/libgit2/libgit2/releases/tag/v0.24.3 - Issue Tracking, Patch, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/ -

07 Nov 2023, 02:36

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/', 'name': 'FEDORA-2016-505d7fe198', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/', 'name': 'FEDORA-2016-bc51f4636f', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/', 'name': 'FEDORA-2016-616a35205b', 'tags': ['Patch', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/ -

Information

Published : 2017-02-03 15:59

Updated : 2024-11-21 02:59


NVD link : CVE-2016-8568

Mitre link : CVE-2016-8568

CVE.ORG link : CVE-2016-8568


JSON object : View

Products Affected

opensuse

  • opensuse
  • leap

libgit2_project

  • libgit2

suse

  • linux_enterprise

fedoraproject

  • fedora
CWE
CWE-125

Out-of-bounds Read