CVE-2017-15298

Published: 14 October 2017

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.

Priority

Low

CVSS 3 base score: 5.5

Status

Package: git (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Not vulnerable (1:2.17.0-1ubuntu1)
cosmic     Not vulnerable (1:2.17.0-1ubuntu1)
precise    Does not exist
trusty     Does not exist (trusty was released [1:1.9.1-1ubuntu0.10])
upstream   Released (2.16.0)
xenial     Released (1:2.7.4-0ubuntu1.6)
zesty      Ignored (reached end-of-life)

Patches:
upstream: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a937b37e76