CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24577 – libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add`
https://notcve.org/view.php?id=CVE-2024-24577
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. • https://github.com/libgit2/libgit2/releases/tag/v1.6.5 https://github.com/libgit2/libgit2/releases/tag/v1.7.2 https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8 https://lists.debian.org/debian-lts-announce/2024/02/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE https://lists. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24575 – libgit2 is vulnerable to a denial of service attack in `git_revparse_single`
https://notcve.org/view.php?id=CVE-2024-24575
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. • https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa https://github.com/libgit2/libgit2/releases/tag/v1.6.5 https://github.com/libgit2/libgit2/releases/tag/v1.7.2 https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE https://lists. • CWE-400: Uncontrolled Resource Consumption •