Several flaws were found in libgit2 before version 0.26.2. There are memory handling issues when reading crafted repository index files. The issues allow for possible denial of service due to allocation of large memory and out-of-bound reads. As the index is never transferred via the network, exploitation requires an attacker to have access to the local repository.
Created libgit2 tracking bugs for this issue:
Affects: fedora-all [bug 1554368]
Affects: epel-all [bug 1554367]
References added for CVE-2018-8098:
References added for CVE-2018-8099:
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):