CPE-99233195-89E9-4D58-B165-646F4ADE2EDD Detail

CPE Details

libgit2 0.27.10

Vendor

libgit2

Product

libgit2

Version

0.27.10

Created

2022-03-24
13h03 +00:00

Modified

2022-03-25
13h51 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:libgit2:libgit2:0.27.10:::::::*

Informations

Vendor

libgit2

Product

libgit2

Version

0.27.10

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-24577	2024-02-06 21h36 +00:00	libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.	9.8	Critical
CVE-2023-22742	2023-01-20 22h49 +00:00	libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked.	5.9	Medium
CVE-2020-12278	2020-04-26 22h00 +00:00	An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.	9.8	Critical
CVE-2020-12279	2020-04-26 22h00 +00:00	An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.	9.8	Critical

libgit2 0.27.10

CPE Details

CPE Name: cpe:2.3:a:libgit2:libgit2:0.27.10:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:libgit2:libgit2:0.27.10:::::::*