mailing list archives
CVE request: git
From: Greg Brockman <gdb () MIT EDU>
Date: Wed, 21 Jul 2010 23:17:01 -0400
A fix for an exploitable buffer overrun was committed to git in .
In particular, if an attacker were to create a crafted working copy
where the user runs any git command, the attacker could force
execution of arbitrary code.
This attack should be mitigated to a denial of service if git is
compiled with appropriate stack-protecting flags.
This buffer overrun was introduced in , which first appeared in
v1.5.6, and is fixed in v1.7.2.
- CVE request: git Greg Brockman (Jul 22)