Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add`
Vulnerability Description
libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
libgit2 安全漏洞
Vulnerability Description
libgit2是一个可移植、使用C语言实现的Git核心开发包。 libgit2存在安全漏洞。攻击者利用该漏洞使用特制的“git_index_add”输入可能会导致堆损坏,从而执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A