Denial of service attack in `git_revparse_single`
Package
Affected versions
Patched versions
Description
Impact
Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application.
Detailed description
The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory.
This can be abused to create an infinite loop in the revparse function. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. This issue was introduced in commit add2dabb3c16aa49b33904dcdc07cd915efc12fa. As such, libgit2 versions before 1.4.0 are not affected. Some of the language-specific wrappers (such as Rugged for Ruby) bundle old versions of libgit2 (i.e., < 1.4) and are not affected. pygit2 since version 1.9 and git2go since v34 are affected.
Patches
Users should upgrade to v1.6.5 or v1.7.2.
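To check whether a linked or bundled libgit2 falls in the range this advisory describes, the following added example (not code from libgit2 or from the advisory) classifies a version triple. The function names and sample version strings are constructed for illustration; treating 1.4.x and 1.5.x as affected and releases after 1.7.2 as fixed are assumptions drawn from the version numbers stated above. In a real program the triple would come from libgit2's `git_libgit2_version()`.

```c
#include <stdio.h>

enum revparse_status {
    REVPARSE_UNPARSEABLE  = -1,
    REVPARSE_NOT_AFFECTED =  0,
    REVPARSE_AFFECTED     =  1
};

/* Classify a libgit2 version against the ranges given in the advisory:
 * introduced in 1.4.0, fixed in 1.6.5 and 1.7.2. */
static int revparse_dos_affected(int major, int minor, int rev)
{
    if (major < 1 || (major == 1 && minor < 4))
        return REVPARSE_NOT_AFFECTED;      /* predates the offending commit */
    if (major > 1 || minor > 7)
        return REVPARSE_NOT_AFFECTED;      /* assumption: later lines carry the fix */
    if (minor == 7)
        return rev < 2 ? REVPARSE_AFFECTED : REVPARSE_NOT_AFFECTED;
    if (minor == 6)
        return rev < 5 ? REVPARSE_AFFECTED : REVPARSE_NOT_AFFECTED;
    /* 1.4.x and 1.5.x: the advisory names no patched release on these lines */
    return REVPARSE_AFFECTED;
}

/* Accepts "1.7.1" or "v1.7.1"; anything after the third number is ignored. */
static int classify_version_string(const char *s)
{
    int major, minor, rev;

    if (s == NULL)
        return REVPARSE_UNPARSEABLE;
    if (*s == 'v' || *s == 'V')
        s++;
    if (sscanf(s, "%d.%d.%d", &major, &minor, &rev) != 3 ||
        major < 0 || minor < 0 || rev < 0)
        return REVPARSE_UNPARSEABLE;
    return revparse_dos_affected(major, minor, rev);
}

int main(void)
{
    /* Constructed sample inputs, e.g. versions collected from a dependency inventory. */
    const char *samples[] = { "1.3.2", "1.4.0", "v1.6.4", "1.6.5", "1.7.1", "1.7.2", "unknown" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-8s -> %d\n", samples[i], classify_version_string(samples[i]));
    return 0;
}
```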