CVE-2023-25652

🗓️ 25 Apr 2023 19:17:35Reported by GitHub_MType

Git revision control system allows overwriting of files outside the working tree via specially crafted input in versions 2.30.9 to 2.40.1

Reporter	Title	Published	Views	Family All 199
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	24 Oct 202319:01	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package git version 2.33.8-alt1	2 May 202300:00	–	altlinux
Tenable Nessus	Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2023-180)	24 May 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : git (ALAS-2023-2072)	8 Jun 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0047: git (ALINUX3-SA-2023:0047)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : git (ALSA-2023:3245)	23 May 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : git (ALSA-2023:3246)	23 May 202300:00	–	nessus
Tenable Nessus	CentOS 8 : git (CESA-2023:3246)	8 Feb 202400:00	–	nessus
Tenable Nessus	CentOS 7 : git (RHSA-2023:3263)	28 Jul 202300:00	–	nessus
Tenable Nessus	Debian dla-3844 : git - security update	26 Jun 202400:00	–	nessus

NVD

Vulners

Node

git-scm gitRange<2.30.9

git-scm gitRange2.31.0–2.31.8

git-scm gitRange2.32.0–2.32.7

git-scm gitRange2.33.0–2.33.8

git-scm gitRange2.34.0–2.34.8

git-scm gitRange2.35.0–2.35.8

git-scm gitRange2.36.0–2.36.6

git-scm gitRange2.37.0–2.37.7

git-scm gitRange2.38.0–2.38.5

git-scm gitRange2.39.0–2.39.3

git-scm gitMatch2.40.0

Node

fedoraproject fedoraMatch37

fedoraproject fedoraMatch38

[
  {
    "vendor": "git",
    "product": "git",
    "versions": [
      {
        "version": "< 2.30.9",
        "status": "affected"
      },
      {
        "version": ">= 2.31.0, < 2.31.8",
        "status": "affected"
      },
      {
        "version": ">= 2.32.0, < 2.32.7",
        "status": "affected"
      },
      {
        "version": ">= 2.33.0, < 2.33.8",
        "status": "affected"
      },
      {
        "version": ">= 2.34.0, < 2.34.8",
        "status": "affected"
      },
      {
        "version": ">= 2.35.0, < 2.35.8",
        "status": "affected"
      },
      {
        "version": ">= 2.36.0, < 2.36.6",
        "status": "affected"
      },
      {
        "version": ">= 2.37.0, < 2.37.7",
        "status": "affected"
      },
      {
        "version": ">= 2.38.0, < 2.38.5",
        "status": "affected"
      },
      {
        "version": ">= 2.39.0, < 2.39.3",
        "status": "affected"
      },
      {
        "version": ">= 2.40.0, < 2.40.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
security	www.security.gentoo.org/glsa/202312-15
lists	www.lists.debian.org/debian-lts-announce/2024/06/msg00018.html
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/YFZWGQKB6MM5MNF2DLFTD7KS2KWPICKL/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/RKOXOAZ42HLXHXTW6JZI4L5DAIYDTYCU/
github	www.github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902
openwall	www.openwall.com/lists/oss-security/2023/04/25/2
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/PI7FZ4NNR5S5J5K6AMVQBH2JFP6NE4L7/
github	www.github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/BSXOGVVBJLYX26IAYX6PJSYQB36BREWH/
github	www.github.com/git/git/commit/668f2d53613ac8fd373926ebe219f2c29112d93e

04 Nov 2025 17:15Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.5

EPSS0.03559

SSVC

CWE-22