Vulnerability in Libgit2

CVE-2023-22742

libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set…

EPSS: 0.006 (43.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N.

Affected products

  • Libgit2 — versions = 1.5.0, < 1.4.5, 1.5.0

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-22742?
CVE-2023-22742 is a medium-severity vulnerability in Libgit2, classified under Improper Verification of Cryptographic Signature. CVSS score: 5.3/10. Published 2023-01-20.
How severe is CVE-2023-22742?
Medium severity. CVSS v3 base score is 5.3 out of 10.