github libgit2/libgit2 v1.7.2
libgit2 v1.7.2
on GitHub

latest release: v1.8.0
3 months ago

🔒 This is a security release with multiple changes.

  • A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application. This fixes CVE-2024-24575, which was discovered by researchers at Amazon AWS.

  • A bug in git_index_add is fixed that could have caused the function to corrupt its heap and possibly lead to arbitrary code execution. This fixes CVE-2024-24577, which was discovered by researchers at Amazon AWS.

  • A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities.

The libgit2 project thanks the researchers and outreach team at AWS Security for finding the git_index_add and git_revparse_single bugs, and providing details and reproduction steps during their responsible disclosure.

All users of the v1.7 release line are recommended to upgrade.

Check out latest releases or
releases around libgit2/libgit2 v1.7.2

Don't miss a new libgit2 release

NewReleases is sending notifications on new releases.

Get notifications