CVE-2016-2315

Impact: Important
Public Date: 2016-03-06
Bugzilla: 1317981: CVE-2016-2315 CVE-2016-2324 git: path_name() integer truncation and overflow leading to buffer overflow

An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code.

Find out more about CVE-2016-2315 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat Product Security has rated these issues as having Important security impact. For additional information, refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/2201201

CVSS v2 metrics

Base Score: 6.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (git) | RHSA-2016:0496 | 2016-03-23 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 (git19-git) | RHSA-2016:0497 | 2016-03-23 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 (git19-git) | RHSA-2016:0497 | 2016-03-23 |
| Red Hat Enterprise Linux 6 (git) | RHSA-2016:0496 | 2016-03-23 |