DEBIAN-CVE-2018-1000021

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2018-1000021

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-1000021.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2018-1000021

Upstream

CVE-2018-1000021

Published

2018-02-09T23:29:00.557Z

Modified

2025-11-20T10:13:24.044923Z

Severity

5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

References

https://security-tracker.debian.org/tracker/CVE-2018-1000021

Affected packages

Debian:11 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.30.2-1

1:2.30.2-1+deb11u1

1:2.30.2-1+deb11u2

1:2.30.2-1+deb11u3

1:2.30.2-1+deb11u4

1:2.30.2-1+deb11u5

1:2.31.0~rc2+next.20210304-1

1:2.31.0~rc2+next.20210309-1

1:2.31.0-1

1:2.31.0+next.20210315-1

1:2.31.1-1

1:2.31.1+next.20210417-1

1:2.31.1+next.20210514-1

1:2.32.0~rc0-1

1:2.32.0~rc0+next.20210520-1

1:2.32.0~rc2-1

1:2.32.0~rc2+next.20210531-1

1:2.32.0-1

1:2.32.0+next.20210606-1

1:2.33.0-1

1:2.33.0+next.20210816-1

1:2.33.0+next.20210901-1

1:2.33.0+next.20210929-1

1:2.33.1-1

1:2.33.1+next.20211025-1

1:2.34.0-1

1:2.34.0+next.20211119-1

1:2.34.1-1~bpo11+1

1:2.34.1-1

1:2.34.1+next.20211124-1

1:2.34.1+next.20211202-1

1:2.34.1+next.20211221-1

1:2.34.1+next.20211227-1

1:2.35.1-1

1:2.35.1+next.20220128-1

1:2.35.1+next.20220211-1

1:2.35.2-1

1:2.36.0~rc2+next.20220411-1

1:2.36.0~rc2+next.20220414-1

1:2.36.0-1

1:2.36.0+next.20220417-1

1:2.36.0+next.20220428-1

1:2.36.0+next.20220504-1

1:2.36.1-1

1:2.36.1+next.20220505-1

1:2.37.2-1

1:2.37.2+next.20220812-1

1:2.38.1-1

1:2.38.1+next.20221031-1

1:2.39.0-1

1:2.39.0+next.20221212-1

1:2.39.0+next.20221220-1

1:2.39.1-0.1~bpo11+1

1:2.39.1-0.1

1:2.39.2-1~bpo11+1

1:2.39.2-1

1:2.39.2-1.1

1:2.39.2+next.20230215-1

1:2.40.0-1

1:2.40.0-1+alpha.1

1:2.40.0+next.20230313-1

1:2.40.0+next.20230319-1

1:2.40.1-1

1:2.40.1-1+alpha.1

1:2.40.1+next.20230424-1

1:2.40.1+next.20230427-1

1:2.42.0-1

1:2.43.0-1

1:2.43.0-1+alpha.2

1:2.43.0+next.20231120-1

1:2.43.0+next.20240104-1

1:2.45.1-1

1:2.45.1+next.20240516-1

1:2.45.2-1

1:2.45.2-1+alpha.1

1:2.45.2-1.1

1:2.45.2-1.1+alpha.1

1:2.45.2-1.2

1:2.45.2-1.3

1:2.45.2+next.20240614-1

1:2.47.1-1

1:2.47.2-0.1

1:2.47.2-0.2

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

1:2.50.1-0.1

1:2.51.0-1

1:2.51.0+next.20250825-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.39.2-1.1

1:2.39.2+next.20230215-1

1:2.39.5-0+deb12u1

1:2.39.5-0+deb12u2

1:2.39.5-0+deb12u3

1:2.40.0-1

1:2.40.0-1+alpha.1

1:2.40.0+next.20230313-1

1:2.40.0+next.20230319-1

1:2.40.1-1

1:2.40.1-1+alpha.1

1:2.40.1+next.20230424-1

1:2.40.1+next.20230427-1

1:2.42.0-1

1:2.43.0-1

1:2.43.0-1+alpha.2

1:2.43.0+next.20231120-1

1:2.43.0+next.20240104-1

1:2.45.1-1

1:2.45.1+next.20240516-1

1:2.45.2-1

1:2.45.2-1+alpha.1

1:2.45.2-1.1

1:2.45.2-1.1+alpha.1

1:2.45.2-1.2

1:2.45.2-1.3

1:2.45.2+next.20240614-1

1:2.47.1-1

1:2.47.2-0.1

1:2.47.2-0.2

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

1:2.50.1-0.1

1:2.51.0-1

1:2.51.0+next.20250825-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.47.2-0.2

1:2.47.3-0+deb13u1

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

1:2.50.1-0.1

1:2.51.0-1

1:2.51.0+next.20250825-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / git

Package

Name: git
Purl: pkg:deb/debian/git?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:2.*

1:2.47.2-0.2

1:2.48.0~rc1+next.20250101-1

1:2.49.0-1

1:2.49.0-2

1:2.49.0-3

1:2.49.0+next.20250314-1

1:2.50.0~rc0+next.20250528-1

1:2.50.0-1

1:2.50.0+next.20250615-1

1:2.50.1-0.1

1:2.51.0-1

1:2.51.0+next.20250825-1

Ecosystem specific

{
    "urgency": "unimportant"
}