CVE-2016-10129

Published: 24 March 2017

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
libgit2
Launchpad, Ubuntu, Debian
Upstream
Released (0.24.6, 0.25.1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(0.26.0+dfsg.1-1.1build1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(0.26.0+dfsg.1-1.1build1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(0.26.0+dfsg.1-1.1build1)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed