CVE-2008-3546

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

References

http://kerneltrap.org/mailarchive/git/2008/7/16/2529284

http://secunia.com/advisories/31347

http://secunia.com/advisories/31780

http://secunia.com/advisories/32029

http://secunia.com/advisories/32384

http://secunia.com/advisories/33964

http://security.gentoo.org/glsa/glsa-200809-16.xml

http://wiki.rpath.com/Advisories:rPSA-2008-0253

http://www.debian.org/security/2008/dsa-1637

http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt

http://www.securityfocus.com/archive/1/495391/100/0/threaded

http://www.securityfocus.com/bid/30549

http://www.securitytracker.com/id?1020627

http://www.ubuntu.com/usn/USN-723-1

http://www.vupen.com/english/advisories/2008/2306

https://exchange.xforce.ibmcloud.com/vulnerabilities/44217

https://issues.rpath.com/browse/RPL-2707

https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00729.html

Details

Source: MITRE

Published: 2008-08-07

Updated: 2018-10-11

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
39969openSUSE Security Update : git (git-183)NessusSuSE Local Security Checks
high
36720Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : git-core vulnerabilities (USN-723-1)NessusUbuntu Local Security Checks
high
35728Slackware 12.0 / 12.1 / 12.2 / current : git (SSA:2009-051-02)NessusSlackware Local Security Checks
high
34483Fedora 9 : git-1.5.6.5-1.fc9 (2008-9080)NessusFedora Local Security Checks
high
34297GLSA-200809-16 : Git: User-assisted execution of arbitrary codeNessusGentoo Local Security Checks
high
34212Debian DSA-1637-1 : git-core - buffer overflowNessusDebian Local Security Checks
high
34153openSUSE 10 Security Update : git (git-5585)NessusSuSE Local Security Checks
high