7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
High
0.068 Low
EPSS
Percentile
93.9%
Package : dulwich
Version : 0.6.1-1+deb6u1
CVE ID : CVE-2015-0838
Ivan Fratric of the Google Security Team has found a buffer overflow in
the C implementation of the apply_delta() function, used when accessing
Git objects in pack files. An attacker could take advantage of this flaw
to cause the execution of arbitrary code with the privileges of the user
running a Git server or client based on Dulwich.
For the oldoldstable distribution (squeeze), this problem has been
fixed in version 0.6.1-1+deb6u1.
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | sparc | python-dulwich | < 0.8.5-2+deb7u2 | python-dulwich_0.8.5-2+deb7u2_sparc.deb |
Debian | 8 | mipsel | python-dulwich | < 0.9.7-3 | python-dulwich_0.9.7-3_mipsel.deb |
Debian | 8 | arm64 | python-dulwich | < 0.9.7-3 | python-dulwich_0.9.7-3_arm64.deb |
Debian | 7 | s390 | python-dulwich-dbg | < 0.8.5-2+deb7u2 | python-dulwich-dbg_0.8.5-2+deb7u2_s390.deb |
Debian | 7 | mipsel | python-dulwich-dbg | < 0.8.5-2+deb7u2 | python-dulwich-dbg_0.8.5-2+deb7u2_mipsel.deb |
Debian | 7 | mips | python-dulwich-dbg | < 0.8.5-2+deb7u2 | python-dulwich-dbg_0.8.5-2+deb7u2_mips.deb |
Debian | 8 | mipsel | python-dulwich-dbg | < 0.9.7-3 | python-dulwich-dbg_0.9.7-3_mipsel.deb |
Debian | 8 | powerpc | python-dulwich-dbg | < 0.9.7-3 | python-dulwich-dbg_0.9.7-3_powerpc.deb |
Debian | 7 | s390x | python-dulwich | < 0.8.5-2+deb7u2 | python-dulwich_0.8.5-2+deb7u2_s390x.deb |
Debian | 8 | mips | python-dulwich | < 0.9.7-3 | python-dulwich_0.9.7-3_mips.deb |