USN-6678-1: libgit2 vulnerabilities

Ubuntu Security Advisory

It was discovered that libgit2 mishandled equivalent filenames on NTFS
partitions. If a user or automated system were tricked into cloning a
specially crafted repository, an attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2020-12278, CVE-2020-12279)

It was discovered that libgit2 did not perform certificate checking by
default. An attacker could possibly use this issue to perform a
machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-22742)

It was discovered that libgit2 could be made to run into an infinite loop.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 23.10. (CVE-2024-24575)

It was discovered that libgit2 did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2024-24577)

READ MORE

Leave a Reply

Your email address will not be published. Required fields are marked *