Vulnetix
Try Vulnetix Request Demo
ALPINE-CVE-2018-10887 PUBLISHED CVSS 8.100000381469727 HIGH

A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.

Risk Scores

CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Affected Products

VendorProductVersions
Alpine:v3.8libgit20, 0.27.2-r0, 0.27.0-r0
Alpine:v3.11libgit20, 0.23.2-r0, 0.23.2-r1
Alpine:v3.9libgit20.27.2-r0, 0, 0.23.2-r0
Alpine:v3.10libgit20, 0.27.2-r0, 0.27.0-r0

Timeline

References

Open in Interactive Console →