VDB
DEBIAN-CVE-2016-10130
DEBIAN-CVE-2016-10130
PUBLISHED
CVSS 5.900000095367432 MEDIUM
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
Risk Scores
CVSS v3.0
5.900000095367432
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | libgit2 | 0, 0, 0 |
| Debian:13 | libgit2 | 0, 0, 0 |
| Debian:12 | libgit2 | 0, 0, 0 |
| Debian:12 | cargo | 0, 0, 0 |
| Debian:11 | cargo | 0, 0, 0 |
| Debian:14 | libgit2 | 0, 0, 0 |
Timeline
- Mar 24, 2017 CVE Published
- Apr 28, 2026 CVE Updated