dcsimg
 

'Git Bomb' Vulnerability Could Crash Systems

Monday Oct 16th 2017 by Developer.com Staff

GitHub has released a patch for the flaw.

Developer Kate Murphy found a bug in the Git version control system that could lead to system crashes. She discovered that if a Git repository has just twelve 4 KB objects, entering a command to clone it can result in a de facto denial-of-service. "I wasn't looking for this bug in particular I was just exploring how Git handles weird situations," Murphy said. She added that the bug illustrates the sorts of problems that can occur with continuous integration tools.

Murphy reported the bug to GitHub and received a bug bounty from Hackerone. GitHub has released an update that fixes the bug.

View article

Home
Mobile Site | Full Site