Candidate: CVE-2016-8569
PublicDate: 2017-02-03 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8569
Description:
 The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows
 remote attackers to cause a denial of service (NULL pointer dereference)
 via a cat-file command with a crafted object file.
Ubuntu-Description:
 It was discovered that libgit2 mishandled certain malformed git objects.
 A remote attacker could use this vulnerability to cause a denial of
 service.
Notes:
Bugs:
 https://github.com/libgit2/libgit2/issues/3937
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840227
Priority: low
Discovered-by:
Assigned-to: mikesalvatore
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_libgit2:
upstream_libgit2: released (0.25.1+really0.24.6-1)
precise_libgit2: DNE
precise/esm_libgit2: DNE
trusty_libgit2: ignored (out of standard support)
trusty/esm_libgit2: released (0.19.0-2ubuntu0.4+esm1)
vivid/stable-phone-overlay_libgit2: DNE
vivid/ubuntu-core_libgit2: DNE
xenial_libgit2: ignored (end of standard support, was needed)
yakkety_libgit2: ignored (reached end-of-life)
zesty_libgit2: ignored (reached end-of-life)
artful_libgit2: ignored (reached end-of-life)
bionic_libgit2: not-affected (0.26.0+dfsg.1-1.1build1)
cosmic_libgit2: not-affected (0.27.4+dfsg.1-0.1)
disco_libgit2: not-affected (0.27.4+dfsg.1-0.1)
eoan_libgit2: not-affected (0.27.4+dfsg.1-0.1)
focal_libgit2: not-affected (0.27.4+dfsg.1-0.1)
groovy_libgit2: not-affected (0.27.4+dfsg.1-0.1)
hirsute_libgit2: not-affected (0.27.4+dfsg.1-0.1)
impish_libgit2: not-affected (0.27.4+dfsg.1-0.1)
jammy_libgit2: not-affected (0.27.4+dfsg.1-0.1)
devel_libgit2: not-affected (0.27.4+dfsg.1-0.1)