A flaw was found in libgit2 before version 0.27.3. A missing check in gitdeltaapply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
},
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux"
}
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.27.3"
}
],
"cpe": "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
]
}"2026-07-08T14:59:24Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10888.json"
[
{
"signature_type": "Function",
"target": {
"file": "src/delta.c",
"function": "git_delta_apply"
},
"deprecated": false,
"digest": {
"length": 1653.0,
"function_hash": "328043144487899150730101617036537699878"
},
"id": "CVE-2018-10888-a7a65835",
"source": "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3",
"signature_version": "v1"
},
{
"signature_type": "Line",
"target": {
"file": "src/delta.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"8219917613978475874616252252903839753",
"157188723891115284879704770483038487554",
"159604477385763283317304130011059385784",
"206338886654848625335911067195291416915",
"191971042947744980791634820005590670727",
"149459393739412816323913349285558660908",
"202190232388223568525406027698288255921",
"248693588680834188084334061751426487955",
"44641286980390635702979826641543948021",
"282553991696690259056494778295165650355",
"167706338245615166082035964895252361564"
],
"threshold": 0.9
},
"id": "CVE-2018-10888-a9b7c45d",
"source": "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3",
"signature_version": "v1"
}
]