CVE-2016-10129

HIGH7.5EPSS 3.2%

Published: 3/24/2017Modified: 4/28/2026

Description

The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.

Affected packages (3)

Alpine/libgit2from 0, < 0.25.1-r0
Debian/cargofrom 0, < 0.17.0-1
Debian/libgit2from 0, < 0.25.1+really0.24.6-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-10129
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-10129