CVE-2016-2324: Buffer Overflow
First published: Fri Apr 08 2016(Updated: )
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Linux Enterprise Debuginfo | =11-sp4 | |
| openSUSE OpenStack Cloud | =5 | |
| openSUSE | =42.1 | |
| openSUSE | =13.2 | |
| SUSE Linux Enterprise Server | =12.0-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =12 | |
| SUSE Linux Enterprise Software Development Kit | =12.0-sp1 | |
| SUSE Linux Enterprise Server | =12 | |
| Git Git-shell | <=2.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html
- http://pastebin.com/UX2P2jjg
- http://rhn.redhat.com/errata/RHSA-2016-0496.html
- http://www.debian.org/security/2016/dsa-3521
- http://www.openwall.com/lists/oss-security/2016/03/15/5
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/84355
- http://www.securitytracker.com/id/1035290
- http://www.ubuntu.com/usn/USN-2938-1
- https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60
- https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt
- https://security.gentoo.org/glsa/201605-01
Frequently Asked Questions
What is the severity of CVE-2016-2324?
CVE-2016-2324 has a high severity level due to the potential for remote code execution.
How do I fix CVE-2016-2324?
To fix CVE-2016-2324, upgrade Git to version 2.7.4 or later.
What versions of Git are affected by CVE-2016-2324?
CVE-2016-2324 affects all versions of Git before 2.7.4.
Can CVE-2016-2324 be exploited remotely?
Yes, CVE-2016-2324 can be exploited remotely via long filenames or nested trees.
What types of systems are affected by CVE-2016-2324?
CVE-2016-2324 affects various SUSE and openSUSE systems that use vulnerable versions of Git.
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/suse
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11-sp4
- canonical/opensuse openstack cloud
- version/opensuse openstack cloud/5
- vendor/opensuse
- canonical/opensuse
- version/opensuse/42.1
- version/opensuse/13.2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/12.0-sp1
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11-sp4
- version/suse linux enterprise software development kit/12
- version/suse linux enterprise software development kit/12.0-sp1
- version/suse linux enterprise server/12
- vendor/git-scm
- canonical/git git-shell
- version/git git-shell/2.7.3