VuXML ID | Description |
d2c6173f-e43b-11ed-a1d7-002590f2a714 | git -- Multiple vulnerabilities
git developers report:
This update includes 2 security fixes:
- CVE-2023-25652: By feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch)
- CVE-2023-29007: A specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug that can be used to inject arbitrary configuration into user's git config. This can result in arbitrary execution of code, by inserting values for core.pager, core.editor and so on
Discovery 2023-04-25 Entry 2023-04-26
git
< 2.40.1
git-lite
< 2.40.1
git-tiny
< 2.40.1
CVE-2023-25652
https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
CVE-2023-29007
https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844
|
8fafbef4-b1d9-11ed-b0f4-002590f2a714 | git -- gitattributes parsing integer overflow
git team reports:
gitattributes are used to define unique attributes corresponding
to paths in your repository. These attributes are defined by
.gitattributes file(s) within your repository.
The parser used to read these files has multiple integer
overflows, which can occur when parsing either a large number
of patterns, a large number of attributes, or attributes with
overly-long names.
These overflows may be triggered via a malicious
.gitattributes file. However, Git automatically splits lines at
2KB when reading .gitattributes from a file, but not when parsing
it from the index. Successfully exploiting this vulnerability
depends on the location of the .gitattributes file in question.
This integer overflow can result in arbitrary heap reads
and writes, which may result in remote code execution.
Discovery 2023-01-17 Entry 2023-02-21
git
< 2.39.1
CVE-2022-23521
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-23521
|
21f12de8-b1db-11ed-b0f4-002590f2a714 | git -- "git apply" overwriting paths outside the working tree
git team reports:
By feeding a crafted input to "git apply", a path outside the
working tree can be overwritten as the user who is running "git
apply".
Discovery 2023-02-14 Entry 2023-02-21
git
< 2.39.2
CVE-2023-23946
https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-23946
|
2fcca7e4-b1d7-11ed-b0f4-002590f2a714 | git -- Heap overflow in `git archive`, `git log --format` leading to RCE
The git team reports:
git log has the ability to display commits using an arbitrary
format with its --format specifiers. This functionality is also
exposed to git archive via the export-subst gitattribute.
When processing the padding operators (e.g., %<(, %<|(,
%>(, %>>(, or %><( ), an integer overflow can occur in
pretty.c::format_and_pad_commit() where a size_t is improperly
stored as an int, and then added as an offset to a subsequent
memcpy() call.
This overflow can be triggered directly by a user running a
command which invokes the commit formatting machinery (e.g., git
log --format=...). It may also be triggered indirectly through
git archive via the export-subst mechanism, which expands format
specifiers inside of files within the repository during a git
archive.
This integer overflow can result in arbitrary heap writes, which
may result in remote code execution.
Discovery 2023-01-17 Entry 2023-02-21
git
< 2.39.1
CVE-2022-41903
https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/#cve-2022-41903
|
2523bc76-4f01-11ed-929b-002590f2a714 | git -- Multiple vulnerabilities
This release contains 2 security fixes:
CVE-2022-39253
When relying on the `--local` clone optimization, Git dereferences
symbolic links in the source repository before creating hardlinks
(or copies) of the dereferenced link in the destination repository.
This can lead to surprising behavior where arbitrary files are
present in a repository's `$GIT_DIR` when cloning from a malicious
repository.
Git will no longer dereference symbolic links via the `--local`
clone mechanism, and will instead refuse to clone repositories that
have symbolic links present in the `$GIT_DIR/objects` directory.
Additionally, the value of `protocol.file.allow` is changed to be
"user" by default.
CVE-2022-39260
An overly-long command string given to `git shell` can result in
overflow in `split_cmdline()`, leading to arbitrary heap writes and
remote code execution when `git shell` is exposed and the directory
`$HOME/git-shell-commands` exists.
`git shell` is taught to refuse interactive commands that are
longer than 4MiB in size. `split_cmdline()` is hardened to reject
inputs larger than 2GiB.
Discovery 2022-06-09 Entry 2022-10-18
git
< 2.38.1
git-lite
< 2.38.1
git-tiny
< 2.38.1
CVE-2022-39253
CVE-2022-39260
https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u
|
b99f99f6-021e-11ed-8c6f-000c29ffbb6c | git -- privilege escalation
The git project reports:
Git is vulnerable to privilege escalation in all platforms.
An unsuspecting user could still be affected by the issue
reported in CVE-2022-24765, for example when navigating as
root into a shared tmp directory that is owned by them, but
where an attacker could create a git repository.
Discovery 2022-07-12 Entry 2022-07-12
git
< 2.37.1
CVE-2022-29187
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187
|
67765237-8470-11ea-a283-b42e99a1b9c3 | malicious URLs can cause git to send a stored credential to wrong server
git security advisory reports:
Git uses external "credential helper" programs to store and retrieve passwords or
other credentials from secure storage provided by the operating system. Specially-crafted
URLs that are considered illegal as of the recently published Git versions can cause Git
to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers
will interpret this as matching any URL, and will return some unspecified stored password,
leaking the password to an attacker's server.
Discovery 2020-04-20 Entry 2020-04-22
git
ge 2.26.0 lt 2.26.2
ge 2.25.0 lt 2.25.4
ge 2.24.0 lt 2.24.3
ge 2.23.0 lt 2.23.3
ge 2.22.0 lt 2.22.4
ge 2.21.0 lt 2.21.3
ge 2.20.0 lt 2.20.4
ge 2.19.0 lt 2.19.5
ge 2.18.0 lt 2.18.4
ge 0 lt 2.17.5
git-lite
ge 2.26.0 lt 2.26.2
ge 2.25.0 lt 2.25.4
ge 2.24.0 lt 2.24.3
ge 2.23.0 lt 2.23.3
ge 2.22.0 lt 2.22.4
ge 2.21.0 lt 2.21.3
ge 2.20.0 lt 2.20.4
ge 2.19.0 lt 2.19.5
ge 2.18.0 lt 2.18.4
ge 0 lt 2.17.5
git-gui
ge 2.26.0 lt 2.26.2
ge 2.25.0 lt 2.25.4
ge 2.24.0 lt 2.24.3
ge 2.23.0 lt 2.23.3
ge 2.22.0 lt 2.22.4
ge 2.21.0 lt 2.21.3
ge 2.20.0 lt 2.20.4
ge 2.19.0 lt 2.19.5
ge 2.18.0 lt 2.18.4
ge 0 lt 2.17.5
https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7
CVE-2020-11008
|
9548d6ed-b1da-11ed-b0f4-002590f2a714 | git -- Local clone-based data exfiltration with non-local transports
git team reports:
Using a specially-crafted repository, Git can be tricked into using
its local clone optimization even when using a non-local transport.
Though Git will abort local clones whose source $GIT_DIR/objects
directory contains symbolic links (c.f., CVE-2022-39253), the objects
directory itself may still be a symbolic link.
These two may be combined to include arbitrary files based on known
paths on the victim's filesystem within the malicious repository's
working copy, allowing for data exfiltration in a similar manner as
CVE-2022-39253.
Discovery 2023-02-14 Entry 2023-02-21
git
< 2.39.2
CVE-2023-22490
https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/#cve-2023-22490
|
ced2d47e-8469-11ea-a283-b42e99a1b9c3 | malicious URLs may present credentials to wrong server
git security advisory reports:
Git uses external "credential helper" programs to store and retrieve passwords or
other credentials from secure storage provided by the operating system.
Specially-crafted URLs that contain an encoded newline can inject unintended values
into the credential helper protocol stream, causing the credential helper to retrieve
the password for one server for an HTTP request being made to another
server, resulting in credentials for the former being sent to the
latter.
Discovery 2020-04-14 Entry 2020-04-22
git
ge 2.26.0 lt 2.26.1
ge 2.25.0 lt 2.25.3
ge 2.24.0 lt 2.24.2
ge 2.23.0 lt 2.23.2
ge 2.22.0 lt 2.22.3
ge 2.21.0 lt 2.21.2
ge 2.20.0 lt 2.20.3
ge 2.19.0 lt 2.19.4
ge 2.18.0 lt 2.18.3
ge 0 lt 2.17.4
git-lite
ge 2.26.0 lt 2.26.1
ge 2.25.0 lt 2.25.3
ge 2.24.0 lt 2.24.2
ge 2.23.0 lt 2.23.2
ge 2.22.0 lt 2.22.3
ge 2.21.0 lt 2.21.2
ge 2.20.0 lt 2.20.3
ge 2.19.0 lt 2.19.4
ge 2.18.0 lt 2.18.3
ge 0 lt 2.17.4
git-gui
ge 2.26.0 lt 2.26.1
ge 2.25.0 lt 2.25.3
ge 2.24.0 lt 2.24.2
ge 2.23.0 lt 2.23.2
ge 2.22.0 lt 2.22.3
ge 2.21.0 lt 2.21.2
ge 2.20.0 lt 2.20.3
ge 2.19.0 lt 2.19.4
ge 2.18.0 lt 2.18.3
ge 0 lt 2.17.4
https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
CVE-2020-5260
|