Lucene search
GoogleOSV:CVE-2020-12278HistoryApr 27, 2020 - 5:15 p.m.
CVE-2020-12278
2020-04-2717:15:13
Google
osv.dev
8
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libgit2 | eq | 0.12.0 | |
| libgit2 | eq | 0.23.0-rc2 | |
| libgit2 | eq | 0.26.0-rc2 | |
| libgit2 | eq | 0.19.0 | |
| libgit2 | eq | 0.11.0 | |
| libgit2 | eq | 0.25.0 | |
| libgit2 | eq | 0.15.0 | |
| libgit2 | eq | 0.23.0-rc1 | |
| libgit2 | eq | 0.26.0-rc1 | |
| libgit2 | eq | 0.28.0-rc1 |
References
github.com/git/git/security/advisories/GHSA-5wph-8frv-58vj
github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01
github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb
github.com/libgit2/libgit2/releases/tag/v0.28.4
github.com/libgit2/libgit2/releases/tag/v0.99.0
lists.debian.org/debian-lts-announce/2022/03/msg00031.html
lists.debian.org/debian-lts-announce/2023/02/msg00034.html
Related
redhatcve
redhatcve
ubuntucve
ubuntucve
cve
cve
prion
prion
Remote code execution
2020-04-27 17:15:00
Remote code execution
2020-01-24 21:15:00
Remote code execution
2020-01-24 21:15:00
nvd
nvd
cvelist
cvelist
debiancve
debiancve
nessus
nessus
RHEL 8 : libgit2 (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 7 : libgit2 (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 8 : libgit2 (Unpatched Vulnerability)
2024-05-11 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libgit2 (EulerOS-SA-2020-1861)
2020-08-31 00:00:00
Debian: Security Advisory (DLA-3340-1)
2023-02-24 00:00:00
Debian: Security Advisory (DLA-2936-1)
2022-03-21 00:00:00
mscve
mscve
Git for Visual Studio Remote Code Execution Vulnerability
2019-12-10 08:00:00
veracode
veracode
Arbitrary Files Overwrite
2019-12-20 00:15:19
symantec
symantec
debian
debian
[SECURITY] [DLA 3340-1] libgit2 security update
2023-02-23 21:21:37
[SECURITY] [DLA 2936-1] libgit2 security update
2022-03-21 00:39:43
[SECURITY] [DLA 2059-1] git security update
2020-01-23 14:27:34
osv
osv
libgit2 - security update
2023-02-23 00:00:00
libgit2 vulnerabilities
2024-03-05 18:46:35
CVE-2019-1352
2020-01-24 21:15:12
suse
suse
Security update for libgit2 (important)
2022-10-04 00:00:00
Security update for git (important)
2020-01-29 00:00:00
Security update for git (moderate)
2020-05-02 00:00:00
ubuntu
ubuntu
libgit2 vulnerabilities
2024-03-05 00:00:00
Git vulnerabilities
2019-12-10 00:00:00
redhat
redhat
(RHSA-2020:0228) Important: git security update
2020-01-27 08:04:40
(RHSA-2019:4356) Important: git security update
2019-12-19 18:18:24
(RHSA-2020:0002) Important: rh-git218-git security update
2020-01-02 08:21:54
archlinux
archlinux
[ASA-201912-5] libgit2: arbitrary code execution
2019-12-18 00:00:00
[ASA-201912-6] git: arbitrary code execution
2019-12-18 00:00:00
alpinelinux
alpinelinux
kaspersky
kaspersky
KLA11618 Multiple vulnerabilities in Microsoft Developer Tools
2019-12-10 00:00:00
oraclelinux
oraclelinux
git security update
2019-12-19 00:00:00
qualysblog
qualysblog
fedora
fedora
[SECURITY] Fedora 31 Update: libgit2-0.28.4-1.fc31
2019-12-17 01:46:03
[SECURITY] Fedora 31 Update: git-2.24.1-1.fc31
2019-12-18 01:56:26
[SECURITY] Fedora 30 Update: git-2.21.1-1.fc30
2020-01-04 22:16:13
amazon
amazon
gentoo
gentoo
Git: Multiple vulnerabilities
2020-03-15 00:00:00
cloudfoundry
cloudfoundry
USN-4220-1: Git vulnerabilities | Cloud Foundry
2019-12-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package git version 2.24.1-alt1
2019-12-08 00:00:00
Security fix for the ALT Linux 8 package git version 2.24.1-alt1
2019-12-12 00:00:00
threatpost
threatpost
Microsoft Zaps Actively Exploited Zero-Day Bug
2019-12-10 21:21:24