CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

Published: 2018-10-06 14:29
Updated: 2019-04-22 17:48

CVSS Score: 7.5 / 10
Vendor Product Version URI
Git-scm Git 2.14.0 cpe:/a:git-scm:git:2.14.0
Git-scm Git 2.14.0 cpe:/a:git-scm:git:2.14.0:rc0
Git-scm Git 2.14.0 cpe:/a:git-scm:git:2.14.0:rc1
Git-scm Git 2.14.1 cpe:/a:git-scm:git:2.14.1
Git-scm Git 2.14.2 cpe:/a:git-scm:git:2.14.2
Git-scm Git 2.15.0 cpe:/a:git-scm:git:2.15.0
Git-scm Git 2.15.0 cpe:/a:git-scm:git:2.15.0:rc0
Git-scm Git 2.15.0 cpe:/a:git-scm:git:2.15.0:rc1
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 18.04 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Redhat Enterprise Linux 6.7 cpe:/o:redhat:enterprise_linux:6.7
Redhat Enterprise Linux 7.0 cpe:/o:redhat:enterprise_linux:7.0
Redhat Enterprise Linux 7.3 cpe:/o:redhat:enterprise_linux:7.3
Redhat Enterprise Linux 7.4 cpe:/o:redhat:enterprise_linux:7.4
Redhat Enterprise Linux 7.5 cpe:/o:redhat:enterprise_linux:7.5
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Server Aus 7.6 cpe:/o:redhat:enterprise_linux_server_aus:7.6
Redhat Enterprise Linux Server Eus 7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.6
Redhat Enterprise Linux Server Tus 7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Redhat Ansible Tower 3.3 cpe:/a:redhat:ansible_tower:3.3
Redhat Enterprise Linux 7.6 cpe:/o:redhat:enterprise_linux:7.6
Redhat Enterprise Linux 6.0 cpe:/o:redhat:enterprise_linux:6.0

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-04-22 17:48
2019-04-18 16:06
2019-03-21 16:29
2019-01-08 16:18
2018-11-13 11:29
2018-11-07 11:29
2018-10-31 10:31
2018-10-18 10:29
2018-10-12 10:29
2018-10-09 10:29
2018-10-07 10:29
2018-10-06 14:29 New CVE