revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
References
Link Providers
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html cve-icon cve-icon
http://pastebin.com/UX2P2jjg cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-0496.html cve-icon cve-icon
http://www.debian.org/security/2016/dsa-3521 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2016/03/15/5 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html cve-icon cve-icon
http://www.securityfocus.com/bid/84355 cve-icon cve-icon
http://www.securitytracker.com/id/1035290 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2938-1 cve-icon cve-icon
https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305 cve-icon cve-icon
https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2016-2315 cve-icon
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt cve-icon cve-icon
https://security.gentoo.org/glsa/201605-01 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2016-2315 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-08T14:00:00

Updated: 2024-08-05T23:24:48.432Z

Reserved: 2016-02-11T00:00:00

Link: CVE-2016-2315

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-04-08T14:59:01.187

Modified: 2024-11-21T02:48:12.820

Link: CVE-2016-2315

cve-icon Redhat

Severity : Important

Publid Date: 2016-03-06T00:00:00Z

Links: CVE-2016-2315 - Bugzilla