[3.3] git: path_name() integer truncation and overflow leading to buffer overflow (CVE-2016-2315, CVE-2016-2324)
An integer truncation flaw and an integer overflow flaw were found in
the way Git processed certain path information.
A remote attacker could possibly exploit these flaws to cause a crash of
the Git client or, possibly, execute arbitrary
code with the privileges of the user running Git by pushing specially
crafted data to a remote Git repository or
tricking an unsuspecting user into cloning a malicious Git repository.
Fixed In Version:
git 2.4.11, git 2.5.5, git 2.6.6, git 2.7.4
References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2324
http://seclists.org/oss-sec/2016/q1/653
http://pastebin.com/UX2P2jjg
(from redmine: issue id 5309, created on 2016-03-22, closed on 2016-06-15)
- Relations:
- parent #5308
- Changesets:
- Revision be906642 by Natanael Copa on 2016-03-22T11:00:00Z:
main/git: security upgrade to 2.6.6 (CVE-2016-2315,CVE-2016-2324)
fixes #5309