First published: Wed May 30 2018
Git before versions 2.13.7, 2.14.4, 2.15.2, 2.16.4 and 2.17.1 performs path sanity checks in is_ntfs_dotgit() (path.c) that can be fooled into reading arbitrary memory. Upstream announcement: https://marc.info/?l=git&m=152761328506724&w=2
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/git | <1:2.17.1-1 | 1:2.17.1-1 |
ubuntu/git | <1:2.7.4-0ubuntu1.4 | 1:2.7.4-0ubuntu1.4 |
ubuntu/git | <1:2.14.1-1ubuntu4.1 | 1:2.14.1-1ubuntu4.1 |
ubuntu/git | <1:2.17.1-1ubuntu0.1 | 1:2.17.1-1ubuntu0.1 |
ubuntu/git | <1:1.9.1-1ubuntu0.8 | 1:1.9.1-1ubuntu0.8 |
redhat/git | <2.13.7 | 2.13.7 |
redhat/git | <2.14.4 | 2.14.4 |
redhat/git | <2.15.2 | 2.15.2 |
redhat/git | <2.16.4 | 2.16.4 |
redhat/git | <2.17.1 | 2.17.1 |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =17.10 | |
Canonical Ubuntu Linux | =18.04 | |
Git-scm Git | <=2.13.6 | |
Git-scm Git | >=2.14.0<=2.14.3 | |
Git-scm Git | >=2.15.0<=2.15.1 | |
Git-scm Git | >=2.16.0<=2.16.3 | |
Git-scm Git | =2.17.0 | |
debian/git | 1:2.20.1-2+deb10u3 1:2.20.1-2+deb10u8 1:2.30.2-1+deb11u2 1:2.39.2-1.1 1:2.43.0-1 |
The vulnerability ID of this issue is CVE-2018-11233.
The severity of CVE-2018-11233 is high.
Versions before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1 are affected.
The vulnerability can result in reading out-of-bounds memory.
Yes, updating Git to version 2.13.7, 2.14.4, 2.15.2, 2.16.4, or 2.17.1 will address this vulnerability.