Bug 1100613 (CVE-2018-10887)

Summary: VUL-0: CVE-2018-10887: libgit2: integer overflow leads to out-of-bounds read in git_delta_apply, allowing to read before base array
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: atoptsoglou, dimstar, mgorse, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/210165/
Whiteboard: CVSSv3:RedHat:CVE-2018-10887:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVSSv3:SUSE:CVE-2018-10887:6.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) CVSSv2:NVD:CVE-2018-10887:5.8:(AV:N/AC:M/Au:N/C:P/I:N/A:P)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2018-07-09 14:32:06 UTC
rh#1598021

An unexpected sign extension in git_delta_apply function leads to an integer overflow in the bounds check, allowing to bypass it and to read some bytes before the `base` object. An attacker may use this flaw to get an information leak or cause a Denial of Service.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1598021
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10887
Comment 2 Andreas Stieger 2018-07-11 07:09:35 UTC
https://build.opensuse.org/request/show/621935
Comment 5 Swamp Workflow Management 2018-08-21 16:09:31 UTC
SUSE-SU-2018:2469-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1095219,1100612,1100613,1104641
CVE References: CVE-2018-10887,CVE-2018-10888,CVE-2018-11235,CVE-2018-15501
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    libgit2-0.26.6-3.5.2
Comment 6 Swamp Workflow Management 2018-08-24 22:08:23 UTC
openSUSE-SU-2018:2502-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1095219,1100612,1100613,1104641
CVE References: CVE-2018-10887,CVE-2018-10888,CVE-2018-11235,CVE-2018-15501
Sources used:
openSUSE Leap 15.0 (src):    libgit2-0.26.6-lp150.2.3.1
Comment 9 Swamp Workflow Management 2018-10-25 16:13:35 UTC
SUSE-SU-2018:3440-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1085256,1095219,1100612,1100613,1104641
CVE References: CVE-2018-10887,CVE-2018-10888,CVE-2018-11235,CVE-2018-15501,CVE-2018-8099
Sources used:
SUSE Manager Server 3.2 (src):    libgit2-0.24.1-7.6.1
SUSE Manager Server 3.1 (src):    libgit2-0.24.1-7.6.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libgit2-0.24.1-7.6.1
Comment 10 Swamp Workflow Management 2018-10-26 22:24:58 UTC
openSUSE-SU-2018:3519-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1085256,1095219,1100612,1100613,1104641
CVE References: CVE-2018-10887,CVE-2018-10888,CVE-2018-11235,CVE-2018-15501,CVE-2018-8099
Sources used:
openSUSE Leap 42.3 (src):    libgit2-0.24.1-10.3.1
Comment 14 Alexandros Toptsoglou 2020-04-24 15:10:28 UTC
Done