CVE-2024-24575 libgit2 is vulnerable to a denial of service attack in `git_revparse_single`

2024-02-0621:27:57

CWE-400

GitHub_M

github.com

libgit2

vulnerability

denial of service

revparse_single

portable

application

attack

memory

upgrade

version 1.6.5

version 1.7.2

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

JSON

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_revparse_single can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in src/libgit2/revparse.c uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.

CNA Affected

[
  {
    "vendor": "libgit2",
    "product": "libgit2",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.4.0, < 1.6.5"
      },
      {
        "status": "affected",
        "version": ">= 1.7.0, < 1.7.2"
      }
    ]
  }
]