CVE-2016-2324
Published: 15 March 2016
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
git Launchpad, Ubuntu, Debian |
Upstream |
Needed
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(2.7.4-0ubuntu1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [1:1.9.1-1ubuntu0.3])
|
|
Patches: Upstream: https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d Vendor: https://bugzilla.novell.com/show_bug.cgi?id=971328#c6 |