CVE-2016-10128

Published: 24 March 2017

Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
libgit2
Launchpad, Ubuntu, Debian
Upstream
Released (0.24.6, 0.25.1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(0.26.0+dfsg.1-1.1build1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(0.26.0+dfsg.1-1.1build1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(0.26.0+dfsg.1-1.1build1)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed