| Vulnerability Name: | CVE-2008-3546 (CCN-44217) | ||||||||||||||||||||||||
| Assigned: | 2008-07-16 | ||||||||||||||||||||||||
| Published: | 2008-07-16 | ||||||||||||||||||||||||
| Updated: | 2018-10-11 | ||||||||||||||||||||||||
| Summary: | Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2008-3546 Source: CCN Type: git Mailing List, Wednesday, July 16, 2008 - 10:54 am Fix buffer overflow in git diff Source: MLIST Type: Exploit [git] 20080716 [PATCH] Fix buffer overflow in git diff Source: CCN Type: SA31347 GIT Pathname Processing Multiple Buffer Overflows Source: SECUNIA Type: Vendor Advisory 31347 Source: SECUNIA Type: UNKNOWN 31780 Source: SECUNIA Type: UNKNOWN 32029 Source: SECUNIA Type: UNKNOWN 32384 Source: SECUNIA Type: UNKNOWN 33964 Source: GENTOO Type: UNKNOWN GLSA-200809-16 Source: CCN Type: SECTRACK ID: 1020627 GIT Buffer Overflow in diff_addremove() and diff_change() May Let Remote Users Execute Arbitrary Code Source: CONFIRM Type: UNKNOWN http://wiki.rpath.com/Advisories:rPSA-2008-0253 Source: DEBIAN Type: UNKNOWN DSA-1637 Source: DEBIAN Type: DSA-1637 git-core -- buffer overflow Source: CCN Type: GLSA-200809-16 Git: User-assisted execution of arbitrary code Source: CCN Type: The Linux Kernel Archives Web site GIT v1.5.6.4 Release Notes, Fixes since v1.5.6.3 Source: CONFIRM Type: UNKNOWN http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt Source: CCN Type: OSVDB ID: 47330 GIT Repository Pathname Handling Multiple Function Overflows Source: BUGTRAQ Type: UNKNOWN 20080812 rPSA-2008-0253-1 git gitweb Source: BID Type: UNKNOWN 30549 Source: CCN Type: BID-30549 Git Pathname Multiple Buffer Overflow Vulnerabilities Source: SECTRACK Type: UNKNOWN 1020627 Source: CCN Type: USN-723-1 Git vulnerabilities Source: UBUNTU Type: UNKNOWN USN-723-1 Source: VUPEN Type: UNKNOWN ADV-2008-2306 Source: XF Type: UNKNOWN git-multiple-bo(44217) Source: XF Type: UNKNOWN git-multiple-bo(44217) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-2707 Source: FEDORA Type: UNKNOWN FEDORA-2008-9080 | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||