cpe:/a:libgit2:libgit2:0.1.0 cpe:/a:libgit2:libgit2:0.2.0 cpe:/a:libgit2:libgit2:0.3.0 cpe:/a:libgit2:libgit2:0.8.0 cpe:/a:libgit2:libgit2:0.10.0 cpe:/a:libgit2:libgit2:0.11.0 cpe:/a:libgit2:libgit2:0.12.0 cpe:/a:libgit2:libgit2:0.13.0 cpe:/a:libgit2:libgit2:0.14.0 cpe:/a:libgit2:libgit2:0.15.0 cpe:/a:libgit2:libgit2:0.16.0 cpe:/a:libgit2:libgit2:0.17.0 cpe:/a:libgit2:libgit2:0.18.0 cpe:/a:libgit2:libgit2:0.19.0 cpe:/a:libgit2:libgit2:0.20.0 cpe:/a:libgit2:libgit2:0.21.0:- cpe:/a:libgit2:libgit2:0.21.0:rc1 cpe:/a:libgit2:libgit2:0.21.0:rc2 cpe:/a:libgit2:libgit2:0.21.1 cpe:/a:libgit2:libgit2:0.21.2 cpe:/a:libgit2:libgit2:0.21.3 cpe:/a:libgit2:libgit2:0.21.4 cpe:/a:libgit2:libgit2:0.21.5 cpe:/a:libgit2:libgit2:0.22.0:- cpe:/a:libgit2:libgit2:0.22.0:rc1 cpe:/a:libgit2:libgit2:0.22.0:rc2 cpe:/a:libgit2:libgit2:0.22.1 cpe:/a:libgit2:libgit2:0.22.2 cpe:/a:libgit2:libgit2:0.22.3 cpe:/a:libgit2:libgit2:0.23.0:- cpe:/a:libgit2:libgit2:0.23.0:rc1 cpe:/a:libgit2:libgit2:0.23.0:rc2 cpe:/a:libgit2:libgit2:0.23.1 cpe:/a:libgit2:libgit2:0.23.2 cpe:/a:libgit2:libgit2:0.23.3 cpe:/a:libgit2:libgit2:0.23.4 cpe:/a:libgit2:libgit2:0.24.0:- cpe:/a:libgit2:libgit2:0.24.0:rc1 cpe:/a:libgit2:libgit2:0.24.1 cpe:/a:libgit2:libgit2:0.24.2 cpe:/a:libgit2:libgit2:0.24.3 cpe:/a:libgit2:libgit2:0.24.4 cpe:/a:libgit2:libgit2:0.24.5 cpe:/a:libgit2:libgit2:0.24.6 cpe:/a:libgit2:libgit2:0.25.0:- cpe:/a:libgit2:libgit2:0.25.0:rc1 cpe:/a:libgit2:libgit2:0.25.0:rc2 cpe:/a:libgit2:libgit2:0.25.1 cpe:/a:libgit2:libgit2:0.26.0:- cpe:/a:libgit2:libgit2:0.26.0:rc1 cpe:/a:libgit2:libgit2:0.26.0:rc2 cpe:/a:libgit2:libgit2:0.26.1 cpe:/a:libgit2:libgit2:0.26.2 cpe:/a:libgit2:libgit2:0.26.3 cpe:/a:libgit2:libgit2:0.26.4 cpe:/a:libgit2:libgit2:0.26.5 cpe:/a:libgit2:libgit2:0.27.0:- cpe:/a:libgit2:libgit2:0.27.0:rc1 cpe:/a:libgit2:libgit2:0.27.0:rc2 cpe:/a:libgit2:libgit2:0.27.0:rc3 cpe:/a:libgit2:libgit2:0.27.1 cpe:/a:libgit2:libgit2:0.27.2 cpe:/a:libgit2:libgit2:0.27.3 cpe:/o:debian:debian_linux:8.0 CVE-2018-15501 2018-08-17T22:29:01.713-04:00 2018-10-12T15:24:13.563-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2018-10-12T14:46:21.030-04:00 MLIST [debian-lts-announce] 20180825 [SECURITY] [DLA 1477-1] libgit2 security update MISC https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406 MISC https://bugzilla.suse.com/show_bug.cgi?id=1104641 MISC https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649 MISC https://github.com/libgit2/libgit2/releases/tag/v0.26.6 MISC https://github.com/libgit2/libgit2/releases/tag/v0.27.4 MISC https://www.pro-linux.de/sicherheit/2/44650/denial-of-service-in-libgit2.html In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.