DSA-1841 git-core -- denial of serviceID: oval:org.mitre.oval:def:7866 | Date: (C)2009-12-15 (M)2021-06-02 |
Class: PATCH | Family: unix |
It was discovered that git-daemon which is part of git-core, a popular distributed revision control system, is vulnerable to denial of service attacks caused by a programming mistake in handling requests containing extra unrecognized arguments which results in an infinite loop. While this is no problem for the daemon itself as every request will spawn a new git-daemon instance, this still results in a very high CPU consumption and might lead to denial of service conditions.
Platform: |
Debian 5.0 |
Debian 4.0 |