VDB

GCVE-VVD-MAGEIA-2018-267

GCVE-VVD-MAGEIA-2018-267
Advisory Published
Vulnetix · Advisory published June 3, 2018
It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting "../" into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235).

Affected Products

VendorProductVersionsPlatforms
Mageiagit0 (affected), 2.13.7-1.mga6 (unaffected)

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›