Heap-based Buffer Overflow

2022-10-2019:48:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

git

vulnerability

buffer overflow

memory corruption

shell.

0.011 Low

EPSS

Percentile

84.4%

JSON

git is vulnerable to heap-based buffer overflow. The vulnerability exists in strbuf_releas parameter in shell.c where a manipulation with an unknown input leads to a memory corruption.

CPENameOperatorVersion
git:3.16le2.36.2-r0
git:3.13le2.30.5-r0
git:3.14le2.32.3-r0
git:3.15le2.34.4-r0
git:bioniceq1:2.17.0-1ubuntu1
git:bioniceq1:2.17.1-1ubuntu0.7
git:bioniceq1:2.17.1-1ubuntu0.9
git:focaleq1:2.25.1-1ubuntu3
git:sideq1:2.30.1-1
git:sideq1:2.29.2-1

Name	Operator	Version
git:3.16	le	2.36.2-r0
git:3.13	le	2.30.5-r0
git:3.14	le	2.32.3-r0
git:3.15	le	2.34.4-r0
git:bionic	eq	1:2.17.0-1ubuntu1
git:bionic	eq	1:2.17.1-1ubuntu0.7
git:bionic	eq	1:2.17.1-1ubuntu0.9
git:focal	eq	1:2.25.1-1ubuntu3
git:sid	eq	1:2.30.1-1
git:sid	eq	1:2.29.2-1