7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.1%
Issue Overview:
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject
, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using git apply
with --reject
when applying patches from an untrusted source. Use git apply --stat
to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the *.rej
file exists. (CVE-2023-25652)
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules
file with submodule URLs that are longer than 1024 characters can used to exploit a bug in config.c::git_config_copy_or_rename_section_in_file()
. This bug can be used to inject arbitrary configuration into a user’s $GIT_DIR/config
when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as core.pager
, core.editor
, core.sshCommand
, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running git submodule deinit
on untrusted repositories or without prior inspection of any submodule sections in $GIT_DIR/config
. (CVE-2023-29007)
Affected Packages:
git
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update git to update your system.
New Packages:
aarch64:
git-2.40.1-1.amzn2.0.1.aarch64
git-core-2.40.1-1.amzn2.0.1.aarch64
git-credential-libsecret-2.40.1-1.amzn2.0.1.aarch64
git-daemon-2.40.1-1.amzn2.0.1.aarch64
git-debuginfo-2.40.1-1.amzn2.0.1.aarch64
i686:
git-2.40.1-1.amzn2.0.1.i686
git-core-2.40.1-1.amzn2.0.1.i686
git-credential-libsecret-2.40.1-1.amzn2.0.1.i686
git-daemon-2.40.1-1.amzn2.0.1.i686
git-debuginfo-2.40.1-1.amzn2.0.1.i686
noarch:
git-all-2.40.1-1.amzn2.0.1.noarch
git-core-doc-2.40.1-1.amzn2.0.1.noarch
git-cvs-2.40.1-1.amzn2.0.1.noarch
git-email-2.40.1-1.amzn2.0.1.noarch
gitk-2.40.1-1.amzn2.0.1.noarch
gitweb-2.40.1-1.amzn2.0.1.noarch
git-gui-2.40.1-1.amzn2.0.1.noarch
git-instaweb-2.40.1-1.amzn2.0.1.noarch
git-p4-2.40.1-1.amzn2.0.1.noarch
perl-Git-2.40.1-1.amzn2.0.1.noarch
perl-Git-SVN-2.40.1-1.amzn2.0.1.noarch
git-subtree-2.40.1-1.amzn2.0.1.noarch
git-svn-2.40.1-1.amzn2.0.1.noarch
src:
git-2.40.1-1.amzn2.0.1.src
x86_64:
git-2.40.1-1.amzn2.0.1.x86_64
git-core-2.40.1-1.amzn2.0.1.x86_64
git-credential-libsecret-2.40.1-1.amzn2.0.1.x86_64
git-daemon-2.40.1-1.amzn2.0.1.x86_64
git-debuginfo-2.40.1-1.amzn2.0.1.x86_64
Red Hat: CVE-2023-25652, CVE-2023-29007
Mitre: CVE-2023-25652, CVE-2023-29007
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | aarch64 | git | < 2.40.1-1.amzn2.0.1 | git-2.40.1-1.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | aarch64 | git-core | < 2.40.1-1.amzn2.0.1 | git-core-2.40.1-1.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | aarch64 | git-credential-libsecret | < 2.40.1-1.amzn2.0.1 | git-credential-libsecret-2.40.1-1.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | aarch64 | git-daemon | < 2.40.1-1.amzn2.0.1 | git-daemon-2.40.1-1.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | aarch64 | git-debuginfo | < 2.40.1-1.amzn2.0.1 | git-debuginfo-2.40.1-1.amzn2.0.1.aarch64.rpm |
Amazon Linux | 2 | i686 | git | < 2.40.1-1.amzn2.0.1 | git-2.40.1-1.amzn2.0.1.i686.rpm |
Amazon Linux | 2 | i686 | git-core | < 2.40.1-1.amzn2.0.1 | git-core-2.40.1-1.amzn2.0.1.i686.rpm |
Amazon Linux | 2 | i686 | git-credential-libsecret | < 2.40.1-1.amzn2.0.1 | git-credential-libsecret-2.40.1-1.amzn2.0.1.i686.rpm |
Amazon Linux | 2 | i686 | git-daemon | < 2.40.1-1.amzn2.0.1 | git-daemon-2.40.1-1.amzn2.0.1.i686.rpm |
Amazon Linux | 2 | i686 | git-debuginfo | < 2.40.1-1.amzn2.0.1 | git-debuginfo-2.40.1-1.amzn2.0.1.i686.rpm |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.1%