Severity High
Remote Yes
Type Arbitrary code execution
Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as it directly passes the length to functions which accept a `size_t` length as parameter.
The issue is fixed by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.
Group Package Affected Fixed Severity Status Ticket
AVG-131 libgit2 1:0.24.3-1 1:0.24.6-1 High Fixed
Date Advisory Group Package Severity Description
15 Jan 2017 ASA-201701-21 AVG-131 libgit2 High multiple issues