CVE-2016-10128

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as it directly passes the length to functions which accept a `size_t` length as parameter.
The issue is fixed by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.
Group Package Affected Fixed Severity Status Ticket
AVG-131 libgit2 1:0.24.3-1 1:0.24.6-1 High Fixed
Date Advisory Group Package Severity Description
15 Jan 2017 ASA-201701-21 AVG-131 libgit2 High multiple issues
References
https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834