CVE-2018-8099

MEDIUM

libgit2 <v0.26.2 - Use After Free

Title source: llm

Description

Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.

References (3)

Scores

CVSS v3 6.5
EPSS 0.0118
EPSS Percentile 78.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE
CWE-415
Status published

Affected Products (2)

libgit2/libgit2 < 0.26.2
debian/debian_linux

Timeline

Published Mar 14, 2018
Tracked Since Feb 18, 2026