CVE-2018-15501 - OpenCVE

In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Libgit2	Libgit2

Configuration 1 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:libgit2:libgit2::::::::
	cpe:2.3:a:libgit2:libgit2::::::::

References

Link	Resource
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406	Exploit Issue Tracking Patch Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1104641	Issue Tracking Patch Third Party Advisory
https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649	Patch Third Party Advisory
https://github.com/libgit2/libgit2/releases/tag/v0.26.6	Release Notes Third Party Advisory
https://github.com/libgit2/libgit2/releases/tag/v0.27.4	Release Notes Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html	Mailing List Third Party Advisory
https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-18T02:00:00

Updated: 2022-03-21T02:06:14

Reserved: 2018-08-17T00:00:00

Link: CVE-2018-15501

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-08-18T02:29:01.713

Modified: 2022-05-11T20:59:02.783

Link: CVE-2018-15501

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-08-17T00:00:00", "descriptions": [{"lang": "en", "value": "In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-21T02:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.4"}, {"tags": ["x_refsource_MISC"], "url": "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1104641"}, {"name": "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libgit2/libgit2/releases/tag/v0.26.6"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649"}, {"name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15501", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406"}, {"name": "https://github.com/libgit2/libgit2/releases/tag/v0.27.4", "refsource": "MISC", "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.4"}, {"name": "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html", "refsource": "MISC", "url": "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1104641", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1104641"}, {"name": "[debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html"}, {"name": "https://github.com/libgit2/libgit2/releases/tag/v0.26.6", "refsource": "MISC", "url": "https://github.com/libgit2/libgit2/releases/tag/v0.26.6"}, {"name": "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649", "refsource": "MISC", "url": "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649"}, {"name": "[debian-lts-announce] 20220321 [SECURITY] [DLA 2936-1] libgit2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-15501", "datePublished": "2018-08-18T02:00:00", "dateReserved": "2018-08-17T00:00:00", "dateUpdated": "2022-03-21T02:06:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", "matchCriteriaId": "89FF27DE-63AA-49F8-942C-D55095953C5E", "versionEndExcluding": "0.26.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A27D980-CE50-4F8E-ACF8-F87D4A924FF5", "versionEndExcluding": "0.27.4", "versionStartIncluding": "0.27.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol \"ng\" packet that lacks a '\\0' byte to trigger an out-of-bounds read that leads to DoS."}, {"lang": "es", "value": "En ng_pkt en transports/smart_pkt.c en libgit2 antes de 0.26.6 y 0.27.x antes de 0.27.4, un atacante remoto puede enviar un paquete \"ng\" de protocolo inteligente manipulado que le falte un byte \"\\0\" para activar una lectura fuera de l\u00edmites que conduzca a una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-15501", "lastModified": "2022-05-11T20:59:02.783", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-18T02:29:01.713", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1104641"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/libgit2/libgit2/releases/tag/v0.26.6"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.4"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}