CVE-2016-10128

CWE-119 — Buffer Overflow7 documents6 sources

Severity

9.8CRITICAL

EPSS

2.7%

top 14.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libgit2 Project Libgit2

Timeline

PublishedMar 24

Latest updateMay 17

Description

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Debianlibgit2< 0.25.1+really0.24.6-1+3

▶NVDlibgit2_project/libgit20.24.5+1

▶Debiancargo< 0.17.0-1+1

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-23v5-3rr6-rp4h: Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt↗2022-05-17

▶

OSV

CVE-2016-10128: Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt↗2017-03-24

▶

CVEList

CVE-2016-10128: Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt↗2017-03-24

▶

📋Vendor Advisories

Debian

CVE-2016-10128: cargo - Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in ...↗2016

▶

💬Community

Bugzilla

CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 CVE-2017-5338 CVE-2017-5339 libgit2: Two vulnerabilities fixed in libgit 0.25.1 and 0.24.6 [epel-all]↗2017-01-10

▶

Bugzilla

CVE-2016-10128 CVE-2016-10129 CVE-2016-10130 CVE-2017-5338 CVE-2017-5339 libgit2: Two vulnerabilities fixed in libgit 0.25.1 and 0.24.6 [fedora-all]↗2017-01-10

▶