CVE-2008-3546

Publication date 7 August 2008

Last updated 24 July 2024

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
git-core	8.10 intrepid	Fixed 1:1.5.6.3-1.1ubuntu2.1
	8.04 LTS hardy	Fixed 1:1.5.4.3-1ubuntu2.1
	7.10 gutsy	Fixed 1:1.5.2.5-2ubuntu0.1
	7.04 feisty	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 1.1.3-1ubuntu1.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
git-core	Upstream: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=fd55a19 Upstream: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=620e2bb Upstream: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=f66cf96 Vendor: http://patch-tracking.debian.net/package/git-core/1:1.4.4.4-4+etch1

CVE-2008-3546

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references