Bug 1598021 (CVE-2018-10887)
| Summary: | CVE-2018-10887 libgit2: integer overflow leads to out-of-bounds read in git_delta_apply, allowing to read before base array | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Riccardo Schirone <rschiron> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | i, icq, igor.raits, security-response-team, veeti.paananen, walter.pete |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libgit2 0.27.3, libgit2 0.26.5 | Doc Type: | --- |
| Doc Text: |
It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-07-11 12:44:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1599319 | ||
| Bug Blocks: | |||
|
Description
Riccardo Schirone
2018-07-04 07:36:14 UTC
Acknowledgments: Name: Riccardo Schirone (Product Security Red Hat) Patch: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22 External References: https://github.com/libgit2/libgit2/releases/tag/v0.27.3 Created libgit2 tracking bugs for this issue: Affects: fedora-all [bug 1599319] |