CVE-2024-24577

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 6, 2024

Updated: Feb 27, 2024

CWE ID 119

CWE ID 122

Summary

CVE-2024-24577 is a vulnerability affecting the libgit2 library, which provides Git functionality to applications. A heap corruption issue was discovered in the `git_index_add` function, specifically in the `has_dir_name` function within `src/libgit2/index.c`. This vulnerability arises when an entry is inappropriately freed and later used with potentially malicious data, leading to controlled heap corruption. Depending on the application, this could result in arbitrary code execution. The issue has been addressed in versions 1.6.5 and 1.7.2 of the libgit2 library.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

libgit2

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uR4ZIa
https://www.cve.org/CVERecord?id=CVE-2024-24577
https://nvd.nist.gov/vuln/detail/CVE-2024-24577

Back to Vulnerability Database

CVE-2024-24577

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations