VDB
CVE-2020-12279
CVE-2020-12279
PUBLISHED
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
EPSS 5.16% · 89.8th percentile
Risk Scores
EPSS Score
5.16%
89.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | libgit2 | 0, 0.25.1+really0.24.6-1, 0.26.0+dfsg.1-1.1build1 |
| Ubuntu:Pro:14.04:LTS | libgit2 | 0, 0.19.0-2, 0.19.0-2ubuntu0.4 |
| Ubuntu:Pro:16.04:LTS | libgit2 | 0.22.2-2, 0.23.1-1, 0.24.1-2 |
Timeline
- Apr 27, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 23, 2021 EPSS Score
- Oct 24, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jun 29, 2022 EPSS Score
- Aug 31, 2022 EPSS Score
- Jan 2, 2023 EPSS Score
- Feb 24, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-12279 third-party-advisory
- https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v third-party-advisory
- https://github.com/libgit2/libgit2/releases/tag/v0.28.4 third-party-advisory
- https://github.com/libgit2/libgit2/releases/tag/v0.99.0 third-party-advisory
- https://ubuntu.com/security/notices/USN-6678-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-12279 third-party-advisory