GHSA-22q8-ghmq-63vf

Suggest an improvement
Source
https://github.com/advisories/GHSA-22q8-ghmq-63vf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-22q8-ghmq-63vf/GHSA-22q8-ghmq-63vf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-22q8-ghmq-63vf
Aliases
Related
Published
2024-02-12T15:42:14Z
Modified
2024-02-15T01:26:53.398583Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
Summary
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
Details

The libgit2 project fixed three security issues in the 1.7.2 release. These issues are:

  • The git_revparse_single function can potentially enter an infinite loop on a well-crafted input, potentially causing a Denial of Service. This function is exposed in the git2 crate via the Repository::revparse_single method.
  • The git_index_add function may cause heap corruption and possibly lead to arbitrary code execution. This function is exposed in the git2 crate via the Index::add method.
  • The smart transport negotiation may experience an out-of-bounds read when a remote server did not advertise capabilities.

The libgit2-sys crate bundles libgit2, or optionally links to a system libgit2 library. In either case, versions of the libgit2 library less than 1.7.2 are vulnerable. The 0.16.2 release of libgit2-sys bundles the fixed version of 1.7.2, and requires a system libgit2 version of at least 1.7.2.

It is recommended that all users upgrade.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-12T15:42:14Z"
}
References

Affected packages

crates.io / libgit2-sys

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.16.2

Ecosystem specific

{
    "affected_functions": [
        "libgit2_sys::git_index_add",
        "libgit2_sys::git_revparse_single"
    ]
}