CVE-2016-8569 - NULL Pointer Dereference vulnerability in multiple products
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH
Summary
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 3 |
OS | | 1 |
OS | | 3 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2016-BC51F4636F.NASL
  - description: Security fix for CVE-2016-8568, CVE-2016-8569. Update to 0.24.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-05
  - modified: 2016-10-19
  - plugin id: 94124
  - published: 2016-10-19
  - reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/94124
  - title: Fedora 24 : libgit2 (2016-bc51f4636f)
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2017-110.NASL
  - description: This update for libgit2 fixes the following issues: CVE-2016-8568: Fixed an out-of-bounds read in git_oid_nfmt (bsc#1003810). CVE-2016-8569: DoS using a NULL pointer dereference in git_commit_message (bsc#1003810).
  - last seen: 2020-06-05
  - modified: 2017-01-18
  - plugin id: 96582
  - published: 2017-01-18
  - reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/96582
  - title: openSUSE Security Update : libgit2 (openSUSE-2017-110)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2016-616A35205B.NASL
  - description: Security fix for CVE-2016-8568, CVE-2016-8569. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-05
  - modified: 2016-10-21
  - plugin id: 94185
  - published: 2016-10-21
  - reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/94185
  - title: Fedora 23 : libgit2 (2016-616a35205b)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2016-505D7FE198.NASL
  - description: Security fix for CVE-2016-8568, CVE-2016-8569. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-05
  - modified: 2016-11-15
  - plugin id: 94806
  - published: 2016-11-15
  - reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/94806
  - title: Fedora 25 : libgit2 (2016-505d7fe198)
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2017-121.NASL
  - description: This update for libgit2 fixes the following issues: CVE-2016-8568: Fixed an out-of-bounds read in git_oid_nfmt (bsc#1003810). CVE-2016-8569: DoS using a NULL pointer dereference in git_commit_message (bsc#1003810).
  - last seen: 2020-06-05
  - modified: 2017-01-20
  - plugin id: 96647
  - published: 2017-01-20
  - reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/96647
  - title: openSUSE Security Update : libgit2 (openSUSE-2017-121)
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2016-1450.NASL
  - description: libgit2 was updated to fix two security issues. These security issues were fixed: CVE-2016-8568: Read out-of-bounds in git_oid_nfmt (bsc#1003810). CVE-2016-8569: DoS caused by a NULL pointer dereference in git_commit_message (bsc#1003810). This update was imported from the SUSE:SLE-12-SP2:Update update project.
  - last seen: 2020-06-05
  - modified: 2016-12-13
  - plugin id: 95756
  - published: 2016-12-13
  - reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/95756
  - title: openSUSE Security Update : libgit2 (openSUSE-2016-1450)
References
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html
- http://www.openwall.com/lists/oss-security/2016/10/08/7
- http://www.securityfocus.com/bid/93465
- https://bugzilla.redhat.com/show_bug.cgi?id=1383211
- https://github.com/libgit2/libgit2/issues/3937
- https://github.com/libgit2/libgit2/releases/tag/v0.24.3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/