Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-10887

Good to know:

icon

Date: July 10, 2018

A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.

Language: C

Severity Score

Related Resources (8)

https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html
https://nvd.nist.gov/vuln/detail/CVE-2018-10887
https://bugzilla.redhat.com/show_bug.cgi?id=1598021
https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html
https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
https://github.com/libgit2/libgit2/releases/tag/v0.27.3
https://www.mend.io/vulnerability-database/CVE-2018-10887

Severity Score

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Out-of-bounds Read

CWE-125

Incorrect Conversion between Numeric Types

CWE-681

Unexpected Sign Extension

CWE-194

Top Fix

icon

Upgrade Version

Upgrade to version 0.27.3.

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us