The gitoidnfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "binary_version": "0.19.0-2ubuntu0.4+esm1", "binary_name": "libgit2-0" }, { "binary_version": "0.19.0-2ubuntu0.4+esm1", "binary_name": "libgit2-0-dbgsym" }, { "binary_version": "0.19.0-2ubuntu0.4+esm1", "binary_name": "libgit2-dbg" }, { "binary_version": "0.19.0-2ubuntu0.4+esm1", "binary_name": "libgit2-dev" }, { "binary_version": "0.19.0-2ubuntu0.4+esm1", "binary_name": "libgit2-dev-dbgsym" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "low", "binaries": [ { "binary_version": "0.24.1-2ubuntu0.2+esm1", "binary_name": "libgit2-24" }, { "binary_version": "0.24.1-2ubuntu0.2+esm1", "binary_name": "libgit2-24-dbgsym" }, { "binary_version": "0.24.1-2ubuntu0.2+esm1", "binary_name": "libgit2-dev" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "0.26.0+dfsg.1-1.1build1", "binary_name": "libgit2-26" }, { "binary_version": "0.26.0+dfsg.1-1.1build1", "binary_name": "libgit2-26-dbgsym" }, { "binary_version": "0.26.0+dfsg.1-1.1build1", "binary_name": "libgit2-dev" } ] }