CVE-2018-8098

Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.

References

Affected packages

Git / github.com/libgit2/libgit2

Affected ranges

Type: GIT
Repo: https://github.com/libgit2/libgit2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3207ddb0103543da8ad2139ec6539f590f9900c1

Fixed

3db1af1f370295ad5355b8f64b865a2a357bcac0

Affected versions

v0.*

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.2.0

v0.20.0

v0.21.0

v0.21.0-rc1

v0.21.0-rc2

v0.22.0

v0.22.0-rc1

v0.22.0-rc2

v0.23.0

v0.23.0-rc1

v0.23.0-rc2

v0.24.0

v0.24.0-rc1

v0.24.4

v0.25.0

v0.25.0-rc1

v0.25.0-rc2

v0.25.1

v0.26.0

v0.26.0-rc1

v0.26.0-rc2

v0.27.0-rc1

v0.27.0-rc2

v0.3.0

v0.8.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1",
        "target": {
            "file": "src/index.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "135896982973916903305795107330050348358",
                "184939043377130665668669129652211017347",
                "307748016171779875675699727869171429237",
                "241739025222590407109663724768545593759",
                "23267720098037586023124815692439880216",
                "24661678461091087705214163136838974316",
                "90907465384696908184435450087934824448",
                "277379174238028553344217817776980333730",
                "119481454443235298950043312408905204454",
                "229678914226100167683291621348395190622",
                "255372000690676535671072658154186099275",
                "165531933752734538812548705048040921207"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2018-8098-29acfe81"
    },
    {
        "source": "https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0",
        "target": {
            "function": "read_entry",
            "file": "src/index.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "246649163477619425943625058297505629752",
            "length": 2424.0
        },
        "id": "CVE-2018-8098-4f31e94b"
    },
    {
        "source": "https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0",
        "target": {
            "file": "src/index.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "141483021335339819124933711314206168721",
                "280044570307664668512922797033150797893",
                "107336017663805971098182807133813759392",
                "106245098137727488871049077359393965434"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2018-8098-95b2376a"
    },
    {
        "source": "https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1",
        "target": {
            "function": "read_entry",
            "file": "src/index.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "109719023837396517359196467765305835058",
            "length": 2411.0
        },
        "id": "CVE-2018-8098-eb1d4f8c"
    }
]