Lucene search

Veracode Vulnerability DatabaseVERACODE:13036

HistoryJan 15, 2019 - 9:24 a.m.

Information Disclosure

2019-01-1509:24:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.007 Low

EPSS

Percentile

80.5%

git is vulnerable to information disclosure. The path sanity check in is_ntfs_dotgit() on NTFS allows an attacker to read arbitrary memory.

CPENameOperatorVersion
rh-git29-giteq2.9.3__3.el7
rh-git29-giteq2.9.3__3.el6
rh-git29-giteq2.9.3__2.el6
git:3.6eq2.13.7-r2

Name	Operator	Version
rh-git29-git	eq	2.9.3__3.el7
rh-git29-git	eq	2.9.3__3.el6
rh-git29-git	eq	2.9.3__2.el6
git:3.6	eq	2.13.7-r2

References

lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html

www.securityfocus.com/bid/104346

www.securitytracker.com/id/1040991

access.redhat.com/errata/RHSA-2018:2147

access.redhat.com/security/updates/classification/#important

marc.info/?l=git&m=152761328506724&w=2

security.gentoo.org/glsa/201805-13

usn.ubuntu.com/3671-1/

0.007 Low

EPSS

Percentile

80.5%

Related for VERACODE:13036