Launchpad CVE tracker

CVE 2008-3546

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

Related bugs and status

CVE-2008-3546 (Candidate) is related to these bugs:

Bug #248750: Please sync git-core 1:1.5.6.3-1.1 from Debian testing/unstable main

Summary				In	Importance	Status
	248750	Please sync git-core 1:1.5.6.3-1.1 from Debian testing/unstable main		git-core (Ubuntu)	Wishlist	Fix Released

Bug #256617: [CVE-2008-3546] PATH buffer overflow in diff_addremove(), diff_change() in git leading to arbitrary code execution

Summary				In	Importance	Status
	256617	[CVE-2008-3546] PATH buffer overflow in diff_addremove(), diff_change() in git leading to arbitrary code execution		git-core (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-3546

References