Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
{ "vanir_signatures": [ { "signature_version": "v1", "target": { "function": "fsck_gitmodules_fn", "file": "fsck.c" }, "signature_type": "Function", "source": "https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404", "deprecated": false, "digest": { "length": 653.0, "function_hash": "280767856758277171414092295284574468787" }, "id": "CVE-2018-17456-2df45b27" }, { "signature_version": "v1", "target": { "function": "fsck_gitmodules_fn", "file": "fsck.c" }, "signature_type": "Function", "source": "https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46", "deprecated": false, "digest": { "length": 464.0, "function_hash": "74687755865234334360883501852567920378" }, "id": "CVE-2018-17456-6395f845" }, { "signature_version": "v1", "target": { "file": "fsck.c" }, "signature_type": "Line", "source": "https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404", "deprecated": false, "digest": { "line_hashes": [ "61187277327173978608487490955699247805", "322478933031989535159482901598085121490", "105640845193175585999041621410241546937", "320863403475869972817195883113195046675", "112056197659761133531585212977590424954", "186663816293050747954242156545984267682", "206904128480667008530182138888978574630", "191728292391714541701984138567608141284" ], "threshold": 0.9 }, "id": "CVE-2018-17456-f3198db8" }, { "signature_version": "v1", "target": { "file": "fsck.c" }, "signature_type": "Line", "source": "https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46", "deprecated": false, "digest": { "line_hashes": [ "217918380924176957102810654075341599196", "117753730928290908950277960920988579234", "238564133705298630809711888480831625193", "40793998524149642212331206026820467726", "131744534305363149181561143635993325041", "118269845443441089115293841204093565177", "154178865154027729581994095520201329671", "45981377794252269677761437338334550314" ], "threshold": 0.9 }, "id": "CVE-2018-17456-ff58f248" } ] }