CVE-2016-2315

Published: 16 March 2016

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

Priority

High

CVSS 3 base score: 9.8

Status

Package Release Status
git
Launchpad, Ubuntu, Debian
Upstream
Released (2.7.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:1.9.1-1ubuntu0.3])
Patches:
Upstream: https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305