Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libgit2 | Libgit2 | * | 0.26.2 (excluding) |
Libgit2 | Ubuntu | artful | * |
Libgit2 | Ubuntu | bionic | * |
Libgit2 | Ubuntu | esm-apps/bionic | * |
Libgit2 | Ubuntu | esm-apps/xenial | * |
Libgit2 | Ubuntu | esm-infra-legacy/trusty | * |
Libgit2 | Ubuntu | trusty | * |
Libgit2 | Ubuntu | trusty/esm | * |
Libgit2 | Ubuntu | upstream | * |
Libgit2 | Ubuntu | xenial | * |