Vulnerability Details CVE-2018-10888
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1598024
- https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
- https://github.com/libgit2/libgit2/releases/tag/v0.27.3
- https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1598024
- https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
- https://github.com/libgit2/libgit2/releases/tag/v0.27.3
- https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html
Products affected by CVE-2018-10888
-
cpe:2.3:a:libgit2:libgit2:-
-
cpe:2.3:a:libgit2:libgit2:0.1.0
-
cpe:2.3:a:libgit2:libgit2:0.10.0
-
cpe:2.3:a:libgit2:libgit2:0.11.0
-
cpe:2.3:a:libgit2:libgit2:0.12.0
-
cpe:2.3:a:libgit2:libgit2:0.13.0
-
cpe:2.3:a:libgit2:libgit2:0.14.0
-
cpe:2.3:a:libgit2:libgit2:0.15.0
-
cpe:2.3:a:libgit2:libgit2:0.16.0
-
cpe:2.3:a:libgit2:libgit2:0.17.0
-
cpe:2.3:a:libgit2:libgit2:0.18.0
-
cpe:2.3:a:libgit2:libgit2:0.19.0
-
cpe:2.3:a:libgit2:libgit2:0.2.0
-
cpe:2.3:a:libgit2:libgit2:0.20.0
-
cpe:2.3:a:libgit2:libgit2:0.21.0
-
cpe:2.3:a:libgit2:libgit2:0.21.1
-
cpe:2.3:a:libgit2:libgit2:0.21.2
-
cpe:2.3:a:libgit2:libgit2:0.21.3
-
cpe:2.3:a:libgit2:libgit2:0.21.4
-
cpe:2.3:a:libgit2:libgit2:0.21.5
-
cpe:2.3:a:libgit2:libgit2:0.22.0
-
cpe:2.3:a:libgit2:libgit2:0.22.1
-
cpe:2.3:a:libgit2:libgit2:0.22.2
-
cpe:2.3:a:libgit2:libgit2:0.22.3
-
cpe:2.3:a:libgit2:libgit2:0.23.0
-
cpe:2.3:a:libgit2:libgit2:0.23.1
-
cpe:2.3:a:libgit2:libgit2:0.23.2
-
cpe:2.3:a:libgit2:libgit2:0.23.3
-
cpe:2.3:a:libgit2:libgit2:0.23.4
-
cpe:2.3:a:libgit2:libgit2:0.24.0
-
cpe:2.3:a:libgit2:libgit2:0.24.1
-
cpe:2.3:a:libgit2:libgit2:0.24.2
-
cpe:2.3:a:libgit2:libgit2:0.24.3
-
cpe:2.3:a:libgit2:libgit2:0.24.4
-
cpe:2.3:a:libgit2:libgit2:0.24.5
-
cpe:2.3:a:libgit2:libgit2:0.24.6
-
cpe:2.3:a:libgit2:libgit2:0.25.0
-
cpe:2.3:a:libgit2:libgit2:0.25.1
-
cpe:2.3:a:libgit2:libgit2:0.26.0
-
cpe:2.3:a:libgit2:libgit2:0.26.1
-
cpe:2.3:a:libgit2:libgit2:0.26.2
-
cpe:2.3:a:libgit2:libgit2:0.26.3
-
cpe:2.3:a:libgit2:libgit2:0.26.4
-
cpe:2.3:a:libgit2:libgit2:0.26.5
-
cpe:2.3:a:libgit2:libgit2:0.26.6
-
cpe:2.3:a:libgit2:libgit2:0.26.7
-
cpe:2.3:a:libgit2:libgit2:0.26.8
-
cpe:2.3:a:libgit2:libgit2:0.27.0
-
cpe:2.3:a:libgit2:libgit2:0.27.1
-
cpe:2.3:a:libgit2:libgit2:0.27.2
-
cpe:2.3:a:libgit2:libgit2:0.3.0
-
cpe:2.3:a:libgit2:libgit2:0.8.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0