Vulnerability in Libgit2
CVE-2023-22742
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set…
EPSS: 0.006 (43.3rd percentile).
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N.
Affected products
- Libgit2 — versions < 1.4.5, = 1.5.0
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2023-22742?
- CVE-2023-22742 is a medium-severity vulnerability in Libgit2, classified under Improper Verification of Cryptographic Signature. CVSS score: 5.3/10. Published 2023-01-20.
- How severe is CVE-2023-22742?
- Medium severity. CVSS v3 base score is 5.3 out of 10.