CVE-2018-1000021

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000021
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000021.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000021
Published
2018-02-09T23:29:00Z
Modified
2024-06-30T13:05:27.854033Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

References

Affected packages

Debian:11 / git

Package

Name
git
Purl
pkg:deb/debian/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.30.2-1
1:2.30.2-1+deb11u1
1:2.30.2-1+deb11u2
1:2.31.0~rc2+next.20210304-1
1:2.31.0~rc2+next.20210309-1
1:2.31.0-1
1:2.31.0+next.20210315-1
1:2.31.1-1
1:2.31.1+next.20210417-1
1:2.31.1+next.20210514-1
1:2.32.0~rc0-1
1:2.32.0~rc0+next.20210520-1
1:2.32.0~rc2-1
1:2.32.0~rc2+next.20210531-1
1:2.32.0-1
1:2.32.0+next.20210606-1
1:2.33.0-1
1:2.33.0+next.20210816-1
1:2.33.0+next.20210901-1
1:2.33.0+next.20210929-1
1:2.33.1-1
1:2.33.1+next.20211025-1
1:2.34.0-1
1:2.34.0+next.20211119-1
1:2.34.1-1~bpo11+1
1:2.34.1-1
1:2.34.1+next.20211124-1
1:2.34.1+next.20211202-1
1:2.34.1+next.20211221-1
1:2.34.1+next.20211227-1
1:2.35.1-1
1:2.35.1+next.20220128-1
1:2.35.1+next.20220211-1
1:2.35.2-1
1:2.36.0~rc2+next.20220411-1
1:2.36.0~rc2+next.20220414-1
1:2.36.0-1
1:2.36.0+next.20220417-1
1:2.36.0+next.20220428-1
1:2.36.0+next.20220504-1
1:2.36.1-1
1:2.36.1+next.20220505-1
1:2.37.2-1
1:2.37.2+next.20220812-1
1:2.38.1-1
1:2.38.1+next.20221031-1
1:2.39.0-1
1:2.39.0+next.20221212-1
1:2.39.0+next.20221220-1
1:2.39.1-0.1~bpo11+1
1:2.39.1-0.1
1:2.39.2-1~bpo11+1
1:2.39.2-1
1:2.39.2-1.1
1:2.39.2+next.20230215-1
1:2.40.0-1
1:2.40.0-1+alpha.1
1:2.40.0+next.20230313-1
1:2.40.0+next.20230319-1
1:2.40.1-1
1:2.40.1-1+alpha.1
1:2.40.1+next.20230424-1
1:2.40.1+next.20230427-1
1:2.42.0-1
1:2.43.0-1
1:2.43.0+next.20231120-1
1:2.43.0+next.20240104-1
1:2.45.1-1
1:2.45.1+next.20240516-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / git

Package

Name
git
Purl
pkg:deb/debian/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.39.2-1.1
1:2.39.2+next.20230215-1
1:2.40.0-1
1:2.40.0-1+alpha.1
1:2.40.0+next.20230313-1
1:2.40.0+next.20230319-1
1:2.40.1-1
1:2.40.1-1+alpha.1
1:2.40.1+next.20230424-1
1:2.40.1+next.20230427-1
1:2.42.0-1
1:2.43.0-1
1:2.43.0+next.20231120-1
1:2.43.0+next.20240104-1
1:2.45.1-1
1:2.45.1+next.20240516-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / git

Package

Name
git
Purl
pkg:deb/debian/git?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.39.2-1.1
1:2.39.2+next.20230215-1
1:2.40.0-1
1:2.40.0-1+alpha.1
1:2.40.0+next.20230313-1
1:2.40.0+next.20230319-1
1:2.40.1-1
1:2.40.1-1+alpha.1
1:2.40.1+next.20230424-1
1:2.40.1+next.20230427-1
1:2.42.0-1
1:2.43.0-1
1:2.43.0+next.20231120-1
1:2.43.0+next.20240104-1
1:2.45.1-1
1:2.45.1+next.20240516-1

Ecosystem specific

{
    "urgency": "unimportant"
}