CVE-2016-2324

CWE-119 — Buffer Overflow CWE-131 CWE-122 — Heap-based Buffer Overflow CWE-190 — Integer Overflow CWE-19411 documents8 sources

Severity

9.8CRITICAL

EPSS

22.1%

top 4.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Git-scm GIT Opensuse Leap Opensuse Opensuse +5 more

Timeline

PublishedApr 8

Latest updateMay 13

Description

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages10 packages

▶Debiangit< 1:2.8.0~rc3-1+3

▶Ubuntugit< 1:1.9.1-1ubuntu0.3

▶NVDgit-scm/git2.7.3

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-p4rj-f9j6-8r9q: Integer overflow in Git before 2↗2022-05-13

▶

CVEList

CVE-2016-2324: Integer overflow in Git before 2↗2016-04-08

▶

OSV

CVE-2016-2324: Integer overflow in Git before 2↗2016-04-08

▶

OSV

git vulnerabilities↗2016-03-21

▶

📋Vendor Advisories

Ubuntu

Git vulnerabilities↗2016-03-21

▶

Red Hat

git: path_name() integer truncation and overflow leading to buffer overflow↗2016-03-06

▶

Debian

CVE-2016-2324: cgit - Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrar...↗2016

▶

💬Community

Bugzilla

CVE-2016-2315 CVE-2016-2324 git: remote code execution via buffer overflow [fedora-all]↗2016-03-16

▶

Bugzilla

CVE-2016-2315 CVE-2016-2324 git: path_name() integer truncation and overflow leading to buffer overflow↗2016-03-15

▶

Bugzilla

CVE-2016-2315 CVE-2016-2324 git: remote code execution via buffer overflow [epel-5]↗2016-03-15

▶