Denial of Service in libgit2
ID: | FEDORA-2018-3e021c6c2e |
Distribution: | Fedora |
Plattformen: | Fedora 28 |
Datum: | Do, 9. August 2018, 22:57 |
Referenzen: | Keine Angabe |
Applikationen: | Git |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-3e021c6c2e 2018-08-09 17:40:27.265194 -------------------------------------------------------------------------------- Name : libgit2 Product : Fedora 28 Version : 0.26.6 Release : 1.fc28 URL : http://libgit2.github.com/ Summary : C implementation of the Git core methods as a library with a solid API Description : libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings. -------------------------------------------------------------------------------- Update Information: This is a security release fixing out-of-bounds reads when processing smart- protocol "ng" packets. When parsing an "ng" packet, we keep track of both the current position as well as the remaining length of the packet itself. But instead of taking care not to exceed the length, we pass the current pointer's position to strchr, which will search for a certain character until hitting NUL. It is thus possible to create a crafted packet which doesn't contain a NUL byte to trigger an out-of-bounds read. The issue was discovered by the oss-fuzz project, issue 9406. -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 7 2018 Pete Walter |