CVE-2018-11233 — Out-of-bounds Read in GIT

CWE-125 — Out-of-bounds Read CWE-20 — Improper Input Validation11 documents9 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 47.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GIT Git-scm GIT Canonical Ubuntu Linux

Timeline

PublishedMay 30

Latest updateMay 13

Description

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Debiangit/git< 1:2.17.1-1+3

▶NVDgit-scm/git2.14.0 — 2.14.3+4

Also affects: Ubuntu Linux 14.04, 16.04, 17.10, 18.04

🔴Vulnerability Details

GHSA

GHSA-f2cx-gr8r-v8wf: In Git before 2↗2022-05-13

▶

OSV

git vulnerabilities↗2018-06-05

▶

CVEList

CVE-2018-11233: In Git before 2↗2018-05-30

▶

OSV

CVE-2018-11233: In Git before 2↗2018-05-30

▶

📋Vendor Advisories

Apple

CVE-2018-11233: Xcode 9.4.1↗2018-06-13

▶

Ubuntu

Git vulnerabilities↗2018-06-05

▶

Red Hat

git: path sanity check in is_ntfs_dotgit() can read arbitrary memory↗2018-05-30

▶

Debian

CVE-2018-11233: git - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before ...↗2018

▶

💬Community

Bugzilla

CVE-2018-11233 git: path sanity-checks on NTFS can read arbitrary memory [fedora-all]↗2018-05-30

▶

Bugzilla

CVE-2018-11233 git: path sanity check in is_ntfs_dotgit() can read arbitrary memory↗2018-05-30

▶