CVE-2017-15298
Description
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.446
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Git (X64) 2.14.2 | Windows |
| Multiple vulnerabilities affected in Git 2.14.2 | Windows |
| Vulnerabilities CVE-2017-15298,CVE-2019-19604,CVE-2021-21300 are affected in Git (X64) 2.2.0-- | Windows |
| Vulnerabilities CVE-2017-15298,CVE-2019-19604,CVE-2021-21300 are affected in Git 2.2.0-- | Windows |
| Uncontrolled Resource Consumption Vulnerability (CVE-2017-15298) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-319947 | Git (x64) (2.32.0) |
| PATCH-342449 | Git (2.47.0.2) |
| PATCH-352878 | Git (x64) (2.51.2) |
| PATCH-350752 | Git (2.50.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234