Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 8 Oct 2016 10:15:55 -0300
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: invalid memory accesses parsing object files in libgit2

Hi,

We recently reported two invalid memory accesses in the last revision
of libgit2:

* Read out-of-bounds in git_oid_nfmt:
https://github.com/libgit2/libgit2/issues/3936

* DoS using a null pointer derreference in git_commit_message:
https://github.com/libgit2/libgit2/issues/3937

The developers are preparing a patch to harden object parsing in libgit2 here:

https://github.com/libgit2/libgit2/pull/3956

Please assign one or more CVE if suitable.

Regards,
Gustavo.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ