Vulnerabilities > CVE-2016-10129 - NULL Pointer Dereference vulnerability in Libgit2 Project Libgit2 0.25.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-213.NASL description This update for libgit2 fixes the following issues : - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5339: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2016-10128: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). - CVE-2016-10129: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). last seen 2020-06-05 modified 2017-02-09 plugin id 97074 published 2017-02-09 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/97074 title openSUSE Security Update : libgit2 (openSUSE-2017-213) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-262.NASL description This update for libgit2 fixes the several issues. These security issues were fixed : - CVE-2016-10128: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). - CVE-2016-10129: Additional sanitization prevent some edge cases in the Git Smart Protocol which can lead to reading outside of a buffer (bsc#1019036). - CVE-2016-10130: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5338: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). - CVE-2017-5339: When using the custom certificate callback or when using pygit2 or git2go a attacker could have caused an invalid certificate to be accepted (bsc#1019037). This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-05 modified 2017-02-21 plugin id 97282 published 2017-02-21 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/97282 title openSUSE Security Update : libgit2 (openSUSE-2017-262)
References
- https://libgit2.github.com/security/
- https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037
- https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a
- http://www.openwall.com/lists/oss-security/2017/01/11/6
- http://www.openwall.com/lists/oss-security/2017/01/10/5
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00072.html
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00036.html
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00030.html
- http://www.securityfocus.com/bid/95339