{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-07-20T00:00:00.000Z","descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-11T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20080812 rPSA-2008-0253-1 git gitweb","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/495391/100/0/threaded"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt"},{"name":"32029","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32029"},{"tags":["x_refsource_CONFIRM"],"url":"http://wiki.rpath.com/Advisories:rPSA-2008-0253"},{"name":"git-multiple-bo(44217)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44217"},{"name":"33964","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/33964"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.rpath.com/browse/RPL-2707"},{"name":"31347","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31347"},{"name":"GLSA-200809-16","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-200809-16.xml"},{"name":"DSA-1637","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2008/dsa-1637"},{"name":"[git] 20080716 [PATCH] Fix buffer overflow in git diff","tags":["mailing-list","x_refsource_MLIST"],"url":"http://kerneltrap.org/mailarchive/git/2008/7/16/2529284"},{"name":"FEDORA-2008-9080","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00729.html"},{"name":"32384","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32384"},{"name":"30549","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/30549"},{"name":"ADV-2008-2306","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/2306"},{"name":"1020627","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1020627"},{"name":"31780","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31780"},{"name":"USN-723-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-723-1"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-3546","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20080812 rPSA-2008-0253-1 git gitweb","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/495391/100/0/threaded"},{"name":"http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt","refsource":"CONFIRM","url":"http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt"},{"name":"32029","refsource":"SECUNIA","url":"http://secunia.com/advisories/32029"},{"name":"http://wiki.rpath.com/Advisories:rPSA-2008-0253","refsource":"CONFIRM","url":"http://wiki.rpath.com/Advisories:rPSA-2008-0253"},{"name":"git-multiple-bo(44217)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44217"},{"name":"33964","refsource":"SECUNIA","url":"http://secunia.com/advisories/33964"},{"name":"https://issues.rpath.com/browse/RPL-2707","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-2707"},{"name":"31347","refsource":"SECUNIA","url":"http://secunia.com/advisories/31347"},{"name":"GLSA-200809-16","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-200809-16.xml"},{"name":"DSA-1637","refsource":"DEBIAN","url":"http://www.debian.org/security/2008/dsa-1637"},{"name":"[git] 20080716 [PATCH] Fix buffer overflow in git diff","refsource":"MLIST","url":"http://kerneltrap.org/mailarchive/git/2008/7/16/2529284"},{"name":"FEDORA-2008-9080","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00729.html"},{"name":"32384","refsource":"SECUNIA","url":"http://secunia.com/advisories/32384"},{"name":"30549","refsource":"BID","url":"http://www.securityfocus.com/bid/30549"},{"name":"ADV-2008-2306","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/2306"},{"name":"1020627","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1020627"},{"name":"31780","refsource":"SECUNIA","url":"http://secunia.com/advisories/31780"},{"name":"USN-723-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-723-1"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T09:45:18.573Z"},"title":"CVE Program Container","references":[{"name":"20080812 rPSA-2008-0253-1 git gitweb","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/495391/100/0/threaded"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.5.6.4.txt"},{"name":"32029","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32029"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://wiki.rpath.com/Advisories:rPSA-2008-0253"},{"name":"git-multiple-bo(44217)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44217"},{"name":"33964","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/33964"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.rpath.com/browse/RPL-2707"},{"name":"31347","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31347"},{"name":"GLSA-200809-16","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-200809-16.xml"},{"name":"DSA-1637","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2008/dsa-1637"},{"name":"[git] 20080716 [PATCH] Fix buffer overflow in git diff","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://kerneltrap.org/mailarchive/git/2008/7/16/2529284"},{"name":"FEDORA-2008-9080","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00729.html"},{"name":"32384","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32384"},{"name":"30549","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/30549"},{"name":"ADV-2008-2306","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/2306"},{"name":"1020627","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1020627"},{"name":"31780","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31780"},{"name":"USN-723-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-723-1"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-3546","datePublished":"2008-08-07T21:00:00.000Z","dateReserved":"2008-08-07T00:00:00.000Z","dateUpdated":"2024-08-07T09:45:18.573Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}