CVE-2018-11233
published 2018-05-30CVE-2018-11233: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can…
high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | xcode | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | git | < git 1:2.17.1-1 (bookworm) | git 1:2.17.1-1 (bookworm) |
| git-scm | git | <= 2.13.6 | — |
| git-scm | git | — | — |
| git-scm | git | 2.14.0 – 2.14.3 | — |
| git-scm | git | 2.15.0 – 2.15.1 | — |
| git-scm | git | 2.16.0 – 2.16.3 | — |
| git | git | >= 0 < 1:2.17.1-1 | 1:2.17.1-1 |
| git | git | >= 0 < 1:2.17.1-1 | 1:2.17.1-1 |
| git | git | >= 0 < 1:2.17.1-1 | 1:2.17.1-1 |
| git | git | >= 0 < 1:2.17.1-1 | 1:2.17.1-1 |
| git | git | >= 0 < 1:1.9.1-1ubuntu0.8 | 1:1.9.1-1ubuntu0.8 |
| git | git | >= 0 < 1:2.7.4-0ubuntu1.4 | 1:2.7.4-0ubuntu1.4 |
| git | git | >= 0 < 1:2.17.1-1ubuntu0.1 | 1:2.17.1-1ubuntu0.1 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv7.5HIGH