VDB
CVE-2018-10887
CVE-2018-10887
PUBLISHED
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
EPSS 0.39% · 60.6th percentile
Risk Scores
EPSS Score
0.39%
60.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | libgit2 | 0, 0.25.1+really0.24.6-1, 0.26.0+dfsg.1-1.1 |
| Ubuntu:16.04:LTS | libgit2 | 0, 0.23.1-1, 0.24.1-2 |
| Ubuntu:14.04:LTS | libgit2 | 0.19.0-2, 0 |
Timeline
- Jul 10, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-10887 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1598021 third-party-advisory
- https://github.com/libgit2/libgit2/releases/tag/v0.27.3 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-10887 third-party-advisory