Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-3QX3-6HXR-J2CH
HistoryFeb 08, 2024 - 6:47 p.m.

eza Potential Heap Overflow Vulnerability for AArch64

2024-02-0818:47:28
Google
osv.dev
8
heap overflow vulnerability
eza
aarch64
ubuntu-raspi
.git directory
arbitrary code execution
libgit2
poc

AI Score

7.5

Confidence

Low

EPSS

0

Percentile

9.0%

JSON

Summary

In eza, there exists a potential heap overflow vulnerability, first seen when using Ubuntu for Raspberry Pi series system, on ubuntu-raspi kernel, relating to the .git directory.

Details

The vulnerability seems to be triggered by the .git directory in some projects. This issue may be related to specific files, and the directory structure also plays a role in triggering the vulnerability. Files/folders that may be involved in triggering the vulnerability include .git/HEAD, .git/refs, and .git/objects.

As @polly pointed out to me, this is likely caused by GHSA-j2v7-4f6v-gpg8, which we do seem to use currently.

PoC

For more information check @CuB3y0nd’s blogpost blog.

Impact

Arbitrary code execution.

Related

github 1
prion 1
cve 1
vulnrichment 1
cvelist 1
nvd 1
debiancve 1
ubuntucve 1
github
github
eza Potential Heap Overflow Vulnerability for AArch64
2024-02-08 18:47:28
prion
prion
Buffer overflow
2024-03-06 00:15:00
cve
cve
CVE-2024-25817
2024-03-06 00:15:52
vulnrichment
vulnrichment
CVE-2024-25817
2024-03-05 00:00:00
cvelist
cvelist
CVE-2024-25817
2024-03-05 00:00:00
nvd
nvd
CVE-2024-25817
2024-03-06 00:15:52
debiancve
debiancve
CVE-2024-25817
2024-03-06 00:15:52
ubuntucve
ubuntucve
CVE-2024-25817
2024-03-06 00:00:00

AI Score

7.5

Confidence

Low

EPSS

0

Percentile

9.0%

JSON
Related for OSV:GHSA-3QX3-6HXR-J2CH
github1prion1cve1vulnrichment1cvelist1nvd1debiancve1ubuntucve1