CVE-2016-2324

high-risk

Published 2016-04-08

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Do I need to act?

22.1% chance of exploitation in next 30 days

EPSS score — higher than 78% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: de1e67d0703894cb6ea782e36abb63976ab07e60

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (10)

Linux Enterprise Debuginfo

Opensuse

Linux Enterprise Server

Linux Enterprise Software Development Kit

Suse Linux Enterprise Server

Git

Openstack Cloud

Leap

Linux Enterprise Software Development Kit

Affected Vendors

Suse Git-Scm Opensuse

References (48)

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html

Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html

Mailing List http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html

Third Party Advisory http://pastebin.com/UX2P2jjg

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0496.html

Third Party Advisory http://www.debian.org/security/2016/dsa-3521

Mailing List http://www.openwall.com/lists/oss-security/2016/03/15/5

Third Party Advisory http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.h...

Third Party Advisory http://www.securityfocus.com/bid/84355

Third Party Advisory http://www.securitytracker.com/id/1035290

and 28 more references

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 14/34 · Moderate

Exposure 16/34 · Moderate