Endpoint Vulnerability

CVE-2018-10887libgit2: integer overflow leads to out-of-bounds read in git_delta_apply, allowing to read before base array

Description

It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.

Affected Products

libgit2

References

CVE-2018-10887,