The gitoidnfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "libgit2-0", "binary_version": "0.19.0-2ubuntu0.4+esm1" }, { "binary_name": "libgit2-0-dbgsym", "binary_version": "0.19.0-2ubuntu0.4+esm1" }, { "binary_name": "libgit2-dbg", "binary_version": "0.19.0-2ubuntu0.4+esm1" }, { "binary_name": "libgit2-dev", "binary_version": "0.19.0-2ubuntu0.4+esm1" }, { "binary_name": "libgit2-dev-dbgsym", "binary_version": "0.19.0-2ubuntu0.4+esm1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "libgit2-24", "binary_version": "0.24.1-2ubuntu0.2+esm1" }, { "binary_name": "libgit2-24-dbgsym", "binary_version": "0.24.1-2ubuntu0.2+esm1" }, { "binary_name": "libgit2-dev", "binary_version": "0.24.1-2ubuntu0.2+esm1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libgit2-26", "binary_version": "0.26.0+dfsg.1-1.1build1" }, { "binary_name": "libgit2-26-dbgsym", "binary_version": "0.26.0+dfsg.1-1.1build1" }, { "binary_name": "libgit2-dev", "binary_version": "0.26.0+dfsg.1-1.1build1" } ] }