CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-10128
https://notcve.org/view.php?id=CVE-2016-10128
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. Desbordamiento de búfer en la función git_pkt_parse_line en transports/smart_pkt.c en el soporte Git Smart Protocol en libgit2 en versiones anteriores a 0.24.6 y 0.25.x en versiones anteriores a 0.25.1 permite a atacantes remotos tener impacto no especificado a través de un paquete non-flush manipulado. • http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html http://www.openwall.com/lists/oss-security/2017/01/10/5 http://www.openwall.com/lists/oss-security/2017/01/11/6 http://www.securityfocus.com/bid/95338 https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2 https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-10130
https://notcve.org/view.php?id=CVE-2016-10130
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. La función http_connect en transports/http.c en libgit2 en versiones anteriores a 0.24.6 y 0.25.x en versiones anteriores a 0.25.1 podría permitir a atacantes man-in-the-middle suplantar servidores a provechando el clobbering de la variable de error. • http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html http://www.openwall.com/lists/oss-security/2017/01/10/5 http://www.openwall.com/lists/oss-security/2017/01/11/6 http://www.securityfocus.com/bid/95359 https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2016-10129
https://notcve.org/view.php?id=CVE-2016-10129
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. El soporte Git Smart Protocol en libgit2 en versiones anteriores a 0.24.6 y 0.25.x en versiones anteriores a 0.25.1 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de una linea de paquete vacía. • http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html http://www.openwall.com/lists/oss-security/2017/01/10/5 http://www.openwall.com/lists/oss-security/2017/01/11/6 http://www.securityfocus.com/bid/95339 https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-8568
https://notcve.org/view.php?id=CVE-2016-8568
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. La función git_commit_message en oid.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un comando cat-file con un archivo de objeto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html http://www.openwall.com/lists/oss-security/2016/10/08/7 http://www.securityfocus.com/bid/93466 https://bugzilla.redhat.com/show_bug.cgi?id=1383211 https://github.com/libgit2/libgit2/issues/3936 https://github.com/libgit2 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-8569
https://notcve.org/view.php?id=CVE-2016-8569
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. La función git_oid_nfmt en commit.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un comando cat-file con un archivo de objeto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html http://www.openwall.com/lists/oss-security/2016/10/08/7 http://www.securityfocus.com/bid/93465 https://bugzilla.redhat.com/show_bug.cgi?id=1383211 https://github.com/libgit2/libgit2/issues/3937 https://github.com/libgit2 • CWE-476: NULL Pointer Dereference •