CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 9.8 High (Confidence: High)
EPSS: 0.003 Low (Percentile: 69.7%)
Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is an integer overflow in pretty.c::format_and_pad_commit() where a size_t is stored improperly as an int, and then added as an offset to a memcpy(). This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., git log --format=...). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution.

The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable git archive in untrusted repositories. If you expose git archive via git daemon, disable it by running git config --global daemon.uploadArch false.
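A simplified C illustration of the bug class described above, added here as an example and not taken from Git's source: a size_t stored in an int turns into a negative copy offset, shown next to a variant that keeps the arithmetic in size_t and checks bounds before memcpy(). The function names, buffer size and sample widths are constructed for the illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (simplified, constructed): a size_t length is stored in an
 * int and later used as a copy offset. Above INT_MAX the conversion is
 * implementation-defined; on common compilers it wraps to a negative value,
 * so dst + offset would point before the buffer. No copy is done here. */
static int offset_stored_as_int(size_t len)
{
    int offset = (int)len;
    return offset;
}

/* Hardened variant: keep the arithmetic in size_t and reject any width that
 * is smaller than the text or does not fit the destination before copying. */
static int pad_left(char *dst, size_t dst_cap, const char *src, size_t width)
{
    size_t src_len = strlen(src);
    if (width < src_len || width >= dst_cap)
        return -1;
    size_t offset = width - src_len;   /* cannot underflow after the check */
    memset(dst, ' ', offset);
    memcpy(dst + offset, src, src_len);
    dst[width] = '\0';
    return 0;
}

/* Returns 1 when a small request is padded correctly and a huge one is refused. */
static int hardened_behaves(void)
{
    char buf[16];
    size_t huge = (size_t)INT_MAX + 1u;   /* constructed sample width */
    if (pad_left(buf, sizeof buf, "abc", 8) != 0) return 0;
    if (strcmp(buf, "     abc") != 0) return 0;
    return pad_left(buf, sizeof buf, "abc", huge) == -1;
}

int main(void)
{
    size_t huge = (size_t)INT_MAX + 1u;
    printf("size_t %zu stored as int: %d\n", huge, offset_stored_as_int(huge));
    printf("hardened variant ok: %d\n", hardened_behaves());
    return 0;
}
```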
Vendor | Product | Version | CPE |
---|---|---|---|
git | git | * | cpe:2.3:a:git:git:*:*:*:*:*:*:*:* |
git | git | 2.39.0 | cpe:2.3:a:git:git:2.39.0:*:*:*:*:*:*:* |
[
{
"vendor": "git",
"product": "git",
"versions": [
{
"version": "< 2.30.7",
"status": "affected"
},
{
"version": ">= 2.31.0, < 2.31.6",
"status": "affected"
},
{
"version": ">= 2.32.0, < 2.32.5",
"status": "affected"
},
{
"version": ">= 2.33.0, < 2.33.6",
"status": "affected"
},
{
"version": ">= 2.34.0, < 2.34.6",
"status": "affected"
},
{
"version": ">= 2.35.0, < 2.35.6",
"status": "affected"
},
{
"version": ">= 2.36.0, < 2.36.4",
"status": "affected"
},
{
"version": ">= 2.37.0, < 2.37.5",
"status": "affected"
},
{
"version": ">= 2.38.0, < 2.38.3",
"status": "affected"
},
{
"version": "= 2.39.0",
"status": "affected"
}
]
}
]
git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst
git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem
github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76
github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq
security.gentoo.org/glsa/202312-15