Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 8 Oct 2016 10:15:55 -0300
From: Gustavo Grieco <>
Subject: CVE request: invalid memory accesses parsing object files in libgit2


We recently reported two invalid memory accesses in the last revision
of libgit2:

* Read out-of-bounds in git_oid_nfmt:

* DoS using a null pointer derreference in git_commit_message:

The developers are preparing a patch to harden object parsing in libgit2 here:

Please assign one or more CVE if suitable.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.