Libgit2 Libgit2
11 CVEs affecting Libgit2 Libgit2. Latest disclosed: 2024-02-06. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-12279 | Critical | 9.8 | 2020-04-27 | An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. Thi… |
CVE-2020-12278 | Critical | 9.8 | 2020-04-27 | An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Strea… |
CVE-2014-9390 | Critical | 9.8 | 2020-02-12 | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows a… |
CVE-2024-24577 | High | 8.6 | 2024-02-06 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your a… |
CVE-2018-10887 | High | 8.1 | 2018-07-10 | A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lea… |
CVE-2024-24575 | High | 7.5 | 2024-02-06 | libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your a… |
CVE-2018-15501 | High | 7.5 | 2018-08-18 | In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lac… |
CVE-2018-10888 | Medium | 6.5 | 2018-07-10 | A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading… |
CVE-2018-8099 | Medium | 6.5 | 2018-03-14 | Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a… |
CVE-2018-8098 | Medium | 6.5 | 2018-03-14 | Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a de… |
CVE-2023-22742 | Medium | 5.3 | 2023-01-20 | libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certi… |