VDB
ALPINE-CVE-2018-10887
ALPINE-CVE-2018-10887
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.8 | libgit2 | 0.27.2-r0, 0, 0.23.2-r0 |
| Alpine:v3.11 | libgit2 | 0.23.2-r0, 0.23.2-r1, 0.23.4-r0 |
| Alpine:v3.9 | libgit2 | 0.26.3-r0, 0.23.2-r0, 0.23.2-r1 |
| Alpine:v3.10 | libgit2 | 0.24.0-r0, 0, 0.23.2-r1 |
Timeline
- Jul 10, 2018 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch