Impact
Using well-crafted inputs to git_revparse_single can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application.
Detailed description
The revparse function in src/libgit2/revparse.c uses a loop to parse the user-provided spec string. There is an edge case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. This can be abused to create an infinite loop in the revparse function. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. This issue was introduced in commit add2dabb3c16aa49b33904dcdc07cd915efc12fa. As such, libgit2 versions before 1.4.0 are not affected. Some of the language-specific wrappers (such as Rugged for Ruby) bundle old versions of libgit2 (i.e., < 1.4) and are not affected. pygit2 since version 1.9 and git2go since v34 are affected.
Patches
Users should upgrade to v1.6.5 or v1.7.2.
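Because wrappers bundle their own libgit2, the practical question for a defender is which bundled version each component ships. The following triage helper is an added example, not code from the libgit2 project or this advisory. It encodes the ranges stated above (introduced in 1.4.0, fixed in v1.6.5 and v1.7.2) and assumes, as labelled in the code, that release series later than 1.7 carry the fix; the sample inventory is constructed.

```python
from __future__ import annotations
import re

# Vulnerable code shipped with libgit2 1.4.0 (commit add2dabb3c16aa49b33904dcdc07cd915efc12fa).
INTRODUCED = (1, 4, 0)
# Minor series -> first patch release in that series carrying the fix (from the advisory).
FIXED = {6: (1, 6, 5), 7: (1, 7, 2)}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'v1.7.1', '1.7.1-rc1' or '1.6' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised libgit2 version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True if this libgit2 release contains the unpatched revparse loop."""
    v = parse_version(version)
    if v < INTRODUCED:
        return False          # pre-1.4 builds predate the vulnerable code
    if v[0] != 1:
        return False          # assumption: 2.x and later carry the fix
    fixed = FIXED.get(v[1])
    if fixed is None:
        # 1.4.x and 1.5.x received no fix release, so they stay affected;
        # assumption: 1.8 and later were cut after the fix landed.
        return v[1] < 6
    return v < fixed


def triage(inventory: dict[str, str]) -> list[str]:
    """Return the names of components whose bundled libgit2 is affected."""
    return sorted(name for name, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory: component -> libgit2 version it bundles.
SAMPLE_INVENTORY = {
    "service-a (pygit2)": "1.7.1",
    "service-b (git2go)": "v1.6.2",
    "legacy-tool (Rugged)": "1.3.0",
    "ci-runner (pygit2)": "1.7.2",
}

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"upgrade needed: {name} -> {SAMPLE_INVENTORY[name]}")
```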