Vulnerability in Byron Gitoxide

CVE-2024-35197

gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repo…

EPSS: 0.000 (15.3th percentile).

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L.

Frequently asked questions

What is CVE-2024-35197?
CVE-2024-35197 is a medium-severity vulnerability in Byron Gitoxide, classified under CWE-67. CVSS score: 5.4/10. Published 2024-05-23.

How severe is CVE-2024-35197?
Medium severity. CVSS v3 base score is 5.4 out of 10.