Lucene search

PRIOn knowledge basePRION:CVE-2008-3546

HistoryAug 07, 2008 - 9:41 p.m.

Stack overflow

2008-08-0721:41:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.1%

JSON

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system’s PATH_MAX when running GIT utilities such as git-diff or git-grep.

CPENameOperatorVersion
giteq1.5.5.3
giteq1.5.5.3 r1
giteq1.5.5.4
giteq1.5.6.1
giteq1.5.6.2
giteq1.5.6.3

Name	Operator	Version
git	eq	1.5.5.3
git	eq	1.5.5.3 r1
git	eq	1.5.5.4
git	eq	1.5.6.1
git	eq	1.5.6.2
git	eq	1.5.6.3

References

kerneltrap.org/mailarchive/git/2008/7/16/2529284

secunia.com/advisories/31347

secunia.com/advisories/31780

secunia.com/advisories/32029

secunia.com/advisories/32384

secunia.com/advisories/33964

security.gentoo.org/glsa/glsa-200809-16.xml

wiki.rpath.com/Advisories:rPSA-2008-0253

www.debian.org/security/2008/dsa-1637

www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt

www.securityfocus.com/archive/1/495391/100/0/threaded

www.securityfocus.com/bid/30549

www.securitytracker.com/id?1020627

www.ubuntu.com/usn/USN-723-1

www.vupen.com/english/advisories/2008/2306

exchange.xforce.ibmcloud.com/vulnerabilities/44217

issues.rpath.com/browse/RPL-2707

www.redhat.com/archives/fedora-package-announce/2008-October/msg00729.html