vulnerability

Oracle Solaris 11: CVE-2018-17456: Vulnerability in Git

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Oct 6, 2018	Nov 19, 2018	Feb 17, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Oct 6, 2018

Added

Nov 19, 2018

Modified

Feb 17, 2022

Description

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

Solutions

oracle-solaris-11-3-upgrade-developer-versioning-git-2-19-2-0-175-3-36-0-11-0oracle-solaris-11-4-upgrade-developer-versioning-git-2-15-3-11-4-3-0-1-4-0

References

BID-105523
BID-107511
CVE-2018-17456
https://attackerkb.com/topics/CVE-2018-17456
DEBIAN-DSA-4311
REDHAT-RHSA-2018:3408
REDHAT-RHSA-2018:3505
REDHAT-RHSA-2018:3541
REDHAT-RHSA-2020:0316
https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report