{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T00:36:20.350","vulnerabilities":[{"cve":{"id":"CVE-2018-10887","sourceIdentifier":"secalert@redhat.com","published":"2018-07-10T14:29:00.260","lastModified":"2026-06-17T01:34:50.723","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service."},{"lang":"es","value":"Se ha descubierto un problema en versiones anteriores a la 0.27.3 de libgit2. Se ha descubierto que una extensión sign inesperada en la función git_delta_apply en el archivo delta.c puede conducir a un desbordamiento de enteros que conduce a una lectura fuera de límites, lo que le permite leer antes del objeto base. Un atacante podría explotar este error para filtrar direcciones de memoria o provocar una denegación de servicio (DoS)."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"libgit2","product":"libgit2","versions":[{"version":"before version 0.27.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-194"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-681"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libgit2:libgit2:*:*:*:*:*:*:*:*","versionEndExcluding":"0.27.3","matchCriteriaId":"733BF26A-72FB-4851-928E-4F7759FEF8E2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1598021","source":"secalert@redhat.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://github.com/libgit2/libgit2/releases/tag/v0.27.3","source":"secalert@redhat.com","tags":["Patch","Release Notes"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1598021","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/libgit2/libgit2/releases/tag/v0.27.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}