CVE-2018-11233

Published May 30, 2018

Last updated 3 days ago

CVSS high 7.5

Overview

Description: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-125

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE96C42E-1DF2-4CC6-AB37-C8122905B5D8",
            "versionEndIncluding": "2.13.6"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "515402E8-CC8F-4B78-9885-AD23C6FFCD8C",
            "versionEndIncluding": "2.14.3",
            "versionStartIncluding": "2.14.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66B7E411-4448-45CA-8F65-A78AF2BE411C",
            "versionEndIncluding": "2.15.1",
            "versionStartIncluding": "2.15.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC4924B8-5B90-426E-B534-F2D96C807F1D",
            "versionEndIncluding": "2.16.3",
            "versionStartIncluding": "2.16.0"
          },
          {
            "criteria": "cpe:2.3:a:git-scm:git:2.17.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D9CD326-3B81-4DBA-AB43-7FD2B596D411"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References