CVE-2018-1000021 — MEDIUM (5.0)

Q: How severe is CVE-2018-1000021?

CVE-2018-1000021 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1000021?

Check the references section above for vendor advisories and patch information. Affected products include: Git-Scm Git.

Vulnerability Description

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Git-Scm	Git	<= 2.15.1

Related Weaknesses (CWE)

CWE-20

References

http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.htmlThird Party Advisory
http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.htmlThird Party Advisory

FAQ

What is CVE-2018-1000021?

CVE-2018-1000021 is a vulnerability with a CVSS score of 5.0 (MEDIUM). GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploi...

How severe is CVE-2018-1000021?

CVE-2018-1000021 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1000021?

Check the references section above for vendor advisories and patch information. Affected products include: Git-Scm Git.