Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libgit2 is vulnerable to a denial of service attack in `git_revparse_single`
Vulnerability Description
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
libgit2 资源管理错误漏洞
Vulnerability Description
libgit2是一个可移植、使用C语言实现的Git核心开发包。 libgit2 存在资源管理错误漏洞。攻击者利用该漏洞使用特制的“git_revparse_single”输入可能会导致函数进入无限循环,从而可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A