UBUNTU-CVE-2018-10887

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-10887

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-10887.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-10887

Related

CVE-2018-10887

Published

2018-07-10T14:29:00Z

Modified

2018-07-10T14:29:00Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in gitdeltaapply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.

References

Affected packages

Ubuntu:14.04:LTS / libgit2

Package

Name: libgit2
Purl: pkg:deb/ubuntu/libgit2?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.19.0-2ubuntu0.4

Affected versions

0.*

0.19.0-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.19.0-2ubuntu0.4",
            "binary_name": "libgit2-0"
        },
        {
            "binary_version": "0.19.0-2ubuntu0.4",
            "binary_name": "libgit2-0-dbgsym"
        },
        {
            "binary_version": "0.19.0-2ubuntu0.4",
            "binary_name": "libgit2-dbg"
        },
        {
            "binary_version": "0.19.0-2ubuntu0.4",
            "binary_name": "libgit2-dev"
        },
        {
            "binary_version": "0.19.0-2ubuntu0.4",
            "binary_name": "libgit2-dev-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / libgit2

Package

Name: libgit2
Purl: pkg:deb/ubuntu/libgit2?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.24.1-2ubuntu0.2

Affected versions

0.*

0.22.2-2

0.23.1-1

0.24.1-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.24.1-2ubuntu0.2",
            "binary_name": "libgit2-24"
        },
        {
            "binary_version": "0.24.1-2ubuntu0.2",
            "binary_name": "libgit2-24-dbgsym"
        },
        {
            "binary_version": "0.24.1-2ubuntu0.2",
            "binary_name": "libgit2-dev"
        }
    ]
}

Ubuntu:18.04:LTS / libgit2

Package

Name: libgit2
Purl: pkg:deb/ubuntu/libgit2?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.26.0+dfsg.1-1.1ubuntu0.2

Affected versions

0.*

0.25.1+really0.24.6-1

0.26.0+dfsg.1-1.1

0.26.0+dfsg.1-1.1build1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.26.0+dfsg.1-1.1ubuntu0.2",
            "binary_name": "libgit2-26"
        },
        {
            "binary_version": "0.26.0+dfsg.1-1.1ubuntu0.2",
            "binary_name": "libgit2-26-dbgsym"
        },
        {
            "binary_version": "0.26.0+dfsg.1-1.1ubuntu0.2",
            "binary_name": "libgit2-dev"
        }
    ]
}