Bug 1598021 (CVE-2018-10887) - CVE-2018-10887 libgit2: integer overflow leads to out-of-bounds read in git_delta_apply, allowing to read before base array
Summary: CVE-2018-10887 libgit2: integer overflow leads to out-of-bounds read in git_d...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-10887
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1599319
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-04 07:36 UTC by Riccardo Schirone
Modified: 2021-02-17 00:00 UTC (History)
6 users (show)

Fixed In Version: libgit2 0.27.3, libgit2 0.26.5
Doc Type: ---
Doc Text:
It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
Clone Of:
Environment:
Last Closed: 2018-07-11 12:44:45 UTC
Embargoed:


Attachments (Terms of Use)

Description Riccardo Schirone 2018-07-04 07:36:14 UTC
An unexpected sign extension in git_delta_apply function leads to an integer overflow in the bounds check, allowing to bypass it and to read some bytes before the `base` object. An attacker may use this flaw to get an information leak or cause a Denial of Service.

Comment 1 Riccardo Schirone 2018-07-04 07:36:17 UTC
Acknowledgments:

Name: Riccardo Schirone (Product Security Red Hat)

Comment 4 Riccardo Schirone 2018-07-09 13:34:46 UTC
External References:

https://github.com/libgit2/libgit2/releases/tag/v0.27.3

Comment 5 Riccardo Schirone 2018-07-09 13:36:06 UTC
Created libgit2 tracking bugs for this issue:

Affects: fedora-all [bug 1599319]


Note You need to log in before you can comment on or make changes to this bug.