{"id":"CVE-2018-8099","details":"Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.","modified":"2026-05-17T11:54:50.123358348Z","published":"2018-03-14T00:29:00.657Z","related":["SUSE-SU-2018:3440-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"debian:debian_linux","source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"},{"type":"FIX","url":"https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe"},{"type":"FIX","url":"https://libgit2.github.com/security/"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}