Executive Summary

Informations
Name CVE-2008-3546 First vendor Publication 2008-08-07
Vendor Cve Last vendor Modification 2018-10-11

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20022
 
Oval ID: oval:org.mitre.oval:def:20022
Title: DSA-1637-1 git-core - buffer overflow
Description: Multiple vulnerabilities have been identified in git-core, the core of the git distributed revision control system. Improper path length limitations in git's diff and grep functions, in combination with maliciously crafted repositories or changes, could enable a stack buffer overflow and potentially the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1637-1
CVE-2008-3546
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): git-core
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7389
 
Oval ID: oval:org.mitre.oval:def:7389
Title: DSA-1637 git-core -- buffer overflow
Description: Multiple vulnerabilities have been identified in git-core, the core of the git distributed revision control system. Improper path length limitations in git's diff and grep functions, in combination with maliciously crafted repositories or changes, could enable a stack buffer overflow and potentially the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies this vulnerability as CVE-2008-3546.
Family: unix Class: patch
Reference(s): DSA-1637
CVE-2008-3546
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): git-core
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6

OpenVAS Exploits

Date Description
2009-06-05 Name : Ubuntu USN-723-1 (git-core)
File : nvt/ubuntu_723_1.nasl
2009-02-17 Name : Fedora Update for git FEDORA-2008-9080
File : nvt/gb_fedora_2008_9080_git_fc9.nasl
2008-09-28 Name : Gentoo Security Advisory GLSA 200809-16 (git)
File : nvt/glsa_200809_16.nasl
2008-09-17 Name : Debian Security Advisory DSA 1637-1 (git-core)
File : nvt/deb_1637_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-051-02 git
File : nvt/esoft_slk_ssa_2009_051_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
47330 GIT Repository Pathname Handling Multiple Function Overflows

Nessus® Vulnerability Scanner

Date Description
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_git-080907.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-723-1.nasl - Type : ACT_GATHER_INFO
2009-02-23 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-051-02.nasl - Type : ACT_GATHER_INFO
2008-10-24 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9080.nasl - Type : ACT_GATHER_INFO
2008-09-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200809-16.nasl - Type : ACT_GATHER_INFO
2008-09-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1637.nasl - Type : ACT_GATHER_INFO
2008-09-10 Name : The remote openSUSE host is missing a security update.
File : suse_git-5585.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/30549
BUGTRAQ http://www.securityfocus.com/archive/1/495391/100/0/threaded
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0253
http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt
https://issues.rpath.com/browse/RPL-2707
DEBIAN http://www.debian.org/security/2008/dsa-1637
FEDORA https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00729...
GENTOO http://security.gentoo.org/glsa/glsa-200809-16.xml
MLIST http://kerneltrap.org/mailarchive/git/2008/7/16/2529284
SECTRACK http://www.securitytracker.com/id?1020627
SECUNIA http://secunia.com/advisories/31347
http://secunia.com/advisories/31780
http://secunia.com/advisories/32029
http://secunia.com/advisories/32384
http://secunia.com/advisories/33964
UBUNTU http://www.ubuntu.com/usn/USN-723-1
VUPEN http://www.vupen.com/english/advisories/2008/2306
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/44217

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2020-05-23 00:22:05
  • Multiple Updates
2018-10-12 00:20:25
  • Multiple Updates
2017-08-08 09:24:18
  • Multiple Updates
2016-06-29 00:00:41
  • Multiple Updates
2016-04-26 17:43:03
  • Multiple Updates
2014-02-17 10:46:00
  • Multiple Updates
2013-05-11 00:23:03
  • Multiple Updates