How severe is CVE-2024-24577?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-24577?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2024-24577

CRITICAL Year: 2024

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-122

View all →

Vulnerability Description

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.

CVE-2014-9187

CRITICAL

CVSS:9.8(Critical)

Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could le...

CWE-1222014

CVE-2016-8622

CRITICAL

CVSS:9.8(Critical)

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2...

CWE-1222016

CVE-2017-7555

CRITICAL

CVSS:9.8(Critical)

Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application...

CWE-1222017

CVE-2017-9636

CRITICAL

CVSS:9.8(Critical)

Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial ...

CWE-1222017

CVE-2018-10617

CRITICAL

CVSS:9.8(Critical)

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, c...

CWE-1222018

CVE-2018-14618

CRITICAL

CVSS:9.8(Critical)

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figu...

CWE-1222018

CVE-2024-24577

Vulnerability Description

Related Vulnerabilities

CVE-2014-9187

CVE-2016-8622

CVE-2017-7555

CVE-2017-9636

CVE-2018-10617

CVE-2018-14618