Launchpad.net

CVE 2016-2324

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2016-2324 (Candidate) is related to these bugs:

Bug #1557787: client/server RCEs in path_name()

		In	Importance	Status
1557787	client/server RCEs in path_name()	git (Ubuntu)	High	Fix Released
1557787	client/server RCEs in path_name()	git (Debian)	Unknown	Fix Released
1557787	client/server RCEs in path_name()	git (Ubuntu Trusty)	Undecided	Fix Released
1557787	client/server RCEs in path_name()	git (Ubuntu Wily)	Undecided	Fix Released
1557787	client/server RCEs in path_name()	git (Ubuntu Precise)	Undecided	Fix Released

Bug #1563336: Sync git 1:2.8.1-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1563336	Sync git 1:2.8.1-1 (main) from Debian unstable (main)		git (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-2324

Related bugs and status

Related bugs

References