CVE-2016-2315

CWE-119 — Buffer Overflow CWE-131 CWE-122 — Heap-based Buffer Overflow CWE-190 — Integer Overflow CWE-19411 documents8 sources

Severity

9.8CRITICAL

EPSS

17.7%

top 4.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Git-scm GIT Opensuse Leap Opensuse Opensuse +5 more

Timeline

PublishedApr 8

Latest updateMay 14

Description

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages10 packages

▶Debiangit< 1:2.7.0-1+3

▶Ubuntugit< 1:1.9.1-1ubuntu0.3

▶NVDgit-scm/git2.7.3

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-w2rr-v7j3-2w2r: revision↗2022-05-14

▶

OSV

CVE-2016-2315: revision↗2016-04-08

▶

CVEList

CVE-2016-2315: revision↗2016-04-08

▶

OSV

git vulnerabilities↗2016-03-21

▶

📋Vendor Advisories

Ubuntu

Git vulnerabilities↗2016-03-21

▶

Red Hat

git: path_name() integer truncation and overflow leading to buffer overflow↗2016-03-06

▶

Debian

CVE-2016-2315: cgit - revision.c in git before 2.7.4 uses an incorrect integer data type, which allows...↗2016

▶

💬Community

Bugzilla

CVE-2016-2315 CVE-2016-2324 git: remote code execution via buffer overflow [fedora-all]↗2016-03-16

▶

Bugzilla

CVE-2016-2315 CVE-2016-2324 git: path_name() integer truncation and overflow leading to buffer overflow↗2016-03-15

▶

Bugzilla

CVE-2016-2315 CVE-2016-2324 git: remote code execution via buffer overflow [epel-5]↗2016-03-15

▶