[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-9706Date: (C)2015-03-30   (M)2023-12-22


The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
DSA-3206
FEDORA-2015-4534
FEDORA-2015-4575
https://lists.launchpad.net/dulwich-users/msg00827.html
http://www.openwall.com/lists/oss-security/2015/03/21/1
http://www.openwall.com/lists/oss-security/2015/03/22/26
https://git.samba.org/?p=jelmer/dulwich.git%3Ba=commitdiff%3Bh=091638be3c89f46f42c3b1d57dc1504af5729176

CPE    1
cpe:/o:debian:debian_linux:7.0
CWE    1
CWE-19
OVAL    3
oval:org.secpod.oval:def:602016
oval:org.secpod.oval:def:108689
oval:org.secpod.oval:def:108682

© SecPod Technologies