Lucene search

CVE-2023-25652

🗓️ 25 Apr 2023 20:09:15Reported by GitHub_MType

Git revision control system allows overwriting of files outside the working tree via specially crafted input in versions 2.30.9 to 2.40.1

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 159
Cvelist	CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write	25 Apr 202319:17	–	cvelist
RedhatCVE	CVE-2023-25652	26 Apr 202306:17	–	redhatcve
Microsoft CVE	GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write	13 Jun 202307:00	–	mscve
OpenVAS	Fedora: Security Advisory for git (FEDORA-2023-2c851f43ba)	21 Nov 202300:00	–	openvas
OpenVAS	Ubuntu: Security Advisory (USN-6050-2)	18 May 202300:00	–	openvas
OpenVAS	CentOS: Security Advisory for emacs-git (CESA-2023:3263)	30 Jul 202300:00	–	openvas
OpenVAS	Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-2683)	5 Sep 202300:00	–	openvas
OpenVAS	Mageia: Security Advisory (MGASA-2023-0163)	8 May 202300:00	–	openvas
OpenVAS	Ubuntu: Security Advisory (USN-6050-1)	2 May 202300:00	–	openvas
OpenVAS	Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-2641)	5 Sep 202300:00	–	openvas

Nvd

Vulners

Node

git-scm gitRange<2.30.9

git-scm gitRange2.31.0–2.31.8

git-scm gitRange2.32.0–2.32.7

git-scm gitRange2.33.0–2.33.8

git-scm gitRange2.34.0–2.34.8

git-scm gitRange2.35.0–2.35.8

git-scm gitRange2.36.0–2.36.6

git-scm gitRange2.37.0–2.37.7

git-scm gitRange2.38.0–2.38.5

git-scm gitRange2.39.0–2.39.3

git-scm gitMatch2.40.0

Node

fedoraproject fedoraMatch37

fedoraproject fedoraMatch38

[
  {
    "vendor": "git",
    "product": "git",
    "versions": [
      {
        "version": "< 2.30.9",
        "status": "affected"
      },
      {
        "version": ">= 2.31.0, < 2.31.8",
        "status": "affected"
      },
      {
        "version": ">= 2.32.0, < 2.32.7",
        "status": "affected"
      },
      {
        "version": ">= 2.33.0, < 2.33.8",
        "status": "affected"
      },
      {
        "version": ">= 2.34.0, < 2.34.8",
        "status": "affected"
      },
      {
        "version": ">= 2.35.0, < 2.35.8",
        "status": "affected"
      },
      {
        "version": ">= 2.36.0, < 2.36.6",
        "status": "affected"
      },
      {
        "version": ">= 2.37.0, < 2.37.7",
        "status": "affected"
      },
      {
        "version": ">= 2.38.0, < 2.38.5",
        "status": "affected"
      },
      {
        "version": ">= 2.39.0, < 2.39.3",
        "status": "affected"
      },
      {
        "version": ">= 2.40.0, < 2.40.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/
security	www.security.gentoo.org/glsa/202312-15
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/
lists	www.lists.debian.org/debian-lts-announce/2024/06/msg00018.html
openwall	www.openwall.com/lists/oss-security/2023/04/25/2
github	www.github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/BSXOGVVBJLYX26IAYX6PJSYQB36BREWH/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/
github	www.github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902
github	www.github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Apr 2023 20:15Current

7.7High risk

Vulners AI Score7.7

CVSS37.5

EPSS0.03601

SSVC

CWE-22