Command Injection
Remote attackers could execute arbitrary commands via an SSH URL with an initial dash character in the hostname.
Remote attackers could execute arbitrary commands via an SSH URL with an initial dash character in the hostname.
Dulwich contains an overflow condition in the py_apply_delta() function in _pack.c. The issue is triggered as user-supplied input is not properly validated when handling pack files. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.