FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Libgit2 -- multiple vulnerabilities

Affected packages
eza < 0.18.2
1.7.0 <= libgit2 < 1.7.2
libgit2 < 1.6.5

Details

VuXML ID 43768ff3-c683-11ee-97d0-001b217b3468
Discovery 2024-02-06
Entry 2024-02-08
Modified 2024-02-14

Git community reports:

A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application.

A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities.

References

CVE Name CVE-2024-24577
URL https://github.com/libgit2/libgit2/releases/tag/v1.7.2