
CVE-2016-2315
Date: (C) 2016-04-28   (M) 2023-12-22


revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 9.8
Exploit Score: 3.9
Impact Score: 5.9

CVSS V2 Severity:
CVSS Score: 10.0
Exploit Score: 10.0
Impact Score: 10.0

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:
SECTRACK-1035290
BID-84355
DSA-3521
FEDORA-2016-6554eff611
FEDORA-2016-8f164810c3
FEDORA-2016-cee7647200
GLSA-201605-01
RHSA-2016:0496
SUSE-SU-2016:0796
SUSE-SU-2016:0798
USN-2938-1
http://www.openwall.com/lists/oss-security/2016/03/15/5
http://pastebin.com/UX2P2jjg
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305
https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt
openSUSE-SU-2016:0802
openSUSE-SU-2016:0803
openSUSE-SU-2016:0826
openSUSE-SU-2016:0829
openSUSE-SU-2016:0831
openSUSE-SU-2016:0832
openSUSE-SU-2016:0958

CWE    1
CWE-119
OVAL    16
oval:org.secpod.oval:def:703035
oval:org.secpod.oval:def:400719
oval:org.secpod.oval:def:110321
oval:org.secpod.oval:def:110354
...

© SecPod Technologies