Buffer overflow in Dulwich_project Dulwich
CVE-2015-0838
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.
Vulnerability class: Buffer Overflow
EPSS: 0.028 (86.4th percentile)
Affected products
- Dulwich_project Dulwich
- Debian Debian_linux — versions 7.0
Weakness classification (CWE)
References
- DSA-3206 (vendor-advisory, x_refsource_DEBIAN)
- [oss-security] 20150322 Dulwich security issue (Vendor Advisory, mailing-list, x_refsource_MLIST)