9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.4%
When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. (CVE-2023-22742) Using well-crafted inputs to git_index_add
can cause heap corruption that could be leveraged for arbitrary code execution. (CVE-2024-24577)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 9 | noarch | libgit2 | < 1.3.2-1.1 | libgit2-1.3.2-1.1.mga9 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.4%