Dulwich Buffer Overflow when handling pack files

GHSA-vjjf-3rvg-gv3v · CVE-2015-0838 · PYSEC-2015-35

Published May 17, 2022 · Modified Apr 14, 2025

Description

Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-0838
PACKAGE https://github.com/jelmer/dulwich
WEB https://github.com/pypa/advisory-database/tree/main/vulns/dulwich/PYSEC-2015-35.yaml
WEB https://lists.launchpad.net/dulwich-users/msg00829.html
WEB http://www.debian.org/security/2015/dsa-3206

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes