DEBIAN-CVE-2018-10887

DEBIAN-CVE-2018-10887 PUBLISHED CVSS 8.100000381469727 HIGH

A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.

Risk Scores

CVSS 3.1

8.100000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	libgit2	0, 0, 0
Debian:11	libgit2	0, 0, 0
Debian:12	libgit2	0, 0, 0
Debian:14	libgit2	0, 0, 0

Timeline

Jul 10, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-10887 advisory

Open in Interactive Console →