VuXML ID | Description |
9548d6ed-b1da-11ed-b0f4-002590f2a714 | git -- Local clone-based data exfiltration with non-local transports
git team reports:
Using a specially-crafted repository, Git can be tricked into using
its local clone optimization even when using a non-local transport.
Though Git will abort local clones whose source $GIT_DIR/objects
directory contains symbolic links (c.f., CVE-2022-39253), the objects
directory itself may still be a symbolic link.
These two may be combined to include arbitrary files based on known
paths on the victim's filesystem within the malicious repository's
working copy, allowing for data exfiltration in a similar manner as
CVE-2022-39253.
Discovery 2023-02-14 Entry 2023-02-21 git
< 2.39.2
CVE-2023-22490
https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-22490
|
8fafbef4-b1d9-11ed-b0f4-002590f2a714 | git -- gitattributes parsing integer overflow
git team reports:
gitattributes are used to define unique attributes corresponding
to paths in your repository. These attributes are defined by
.gitattributes file(s) within your repository.
The parser used to read these files has multiple integer
overflows, which can occur when parsing either a large number
of patterns, a large number of attributes, or attributes with
overly-long names.
These overflows may be triggered via a malicious
.gitattributes file. However, Git automatically splits lines at
2KB when reading .gitattributes from a file, but not when parsing
it from the index. Successfully exploiting this vulnerability
depends on the location of the .gitattributes file in question.
This integer overflow can result in arbitrary heap reads
and writes, which may result in remote code execution.
Discovery 2023-01-17 Entry 2023-02-21 git
< 2.39.1
CVE-2022-23521
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-23521
|
d2c6173f-e43b-11ed-a1d7-002590f2a714 | git -- Multiple vulnerabilities
git developers reports:
This update includes 2 security fixes:
- CVE-2023-25652: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch)
- CVE-2023-29007: A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug that can be used to inject arbitrary configuration into user's git config. This can result in arbitrary execution of code, by inserting values for core.pager, core.editor and so on
Discovery 2023-04-25 Entry 2023-04-26 git
< 2.40.1
git-lite
< 2.40.1
git-tiny
< 2.40.1
CVE-2023-25652
https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
CVE-2023-29007
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844
|
21f12de8-b1db-11ed-b0f4-002590f2a714 | git -- "git apply" overwriting paths outside the working tree
git team reports:
By feeding a crafted input to "git apply", a path outside the
working tree can be overwritten as the user who is running "git
apply".
Discovery 2023-02-14 Entry 2023-02-21 git
< 2.39.2
CVE-2023-23946
https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-23946
|
2fcca7e4-b1d7-11ed-b0f4-002590f2a714 | git -- Heap overflow in `git archive`, `git log --format` leading to RCE
The git team reports:
git log has the ability to display commits using an arbitrary
format with its --format specifiers. This functionality is also
exposed to git archive via the export-subst gitattribute.
When processing the padding operators (e.g., %<(, %<|(,
%>(, %>>(, or %><( ), an integer overflow can occur in
pretty.c::format_and_pad_commit() where a size_t is improperly
stored as an int, and then added as an offset to a subsequent
memcpy() call.
This overflow can be triggered directly by a user running a
command which invokes the commit formatting machinery (e.g., git
log --format=...). It may also be triggered indirectly through
git archive via the export-subst mechanism, which expands format
specifiers inside of files within the repository during a git
archive.
This integer overflow can result in arbitrary heap writes, which
may result in remote code execution.
Discovery 2023-01-17 Entry 2023-02-21 git
< 2.39.1
CVE-2022-41903
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-41903
|