CVE-2008-3546 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3546
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3546

Description: Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/44217 UBUNTU http://www.ubuntu.com/usn/USN-723-1 ST 1020627 SAID Secunia Advisory: SA31780 Secunia Advisory: SA31347 Secunia Advisory: SA32029 Secunia Advisory: SA33964 Secunia Advisory: SA32384 MLIST http://kerneltrap.org/mailarchive/git/2008/7/16/2529284 GENTOO http://security.gentoo.org/glsa/glsa-200809-16.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1637 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0253 http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/495391/100/0/threaded BID 30549

Return to the previous page.