Vulnerability CVE-2017-15298


Published: 2017-10-14   Modified: 2017-10-15

Description:
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Git-scm -> GIT 
Canonical -> Ubuntu linux 

 References:
https://github.com/Katee/git-bomb
https://kate.io/blog/git-bomb/
https://usn.ubuntu.com/3829-1/

Copyright 2024, cxsecurity.com

 

Back to Top