Lucene search
GitHub_MCVELIST:CVE-2023-25652HistoryApr 25, 2023 - 7:17 p.m.
CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write
2023-04-2519:17:35
CWE-22
GitHub_M
raw.githubusercontent.com
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using git apply with --reject when applying patches from an untrusted source. Use git apply --stat to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the *.rej file exists.
Related
openvas
openvas
Fedora: Security Advisory for git (FEDORA-2023-2c851f43ba)
2023-11-21 00:00:00
CentOS: Security Advisory for emacs-git (CESA-2023:3263)
2023-07-30 00:00:00
Ubuntu: Security Advisory (USN-6050-2)
2023-05-18 00:00:00
redhatcve
redhatcve
CVE-2023-25652
2023-04-26 06:17:51
mscve
mscve
prion
prion
Design/Logic Flaw
2023-04-25 20:15:00
wolfi
wolfi
CVE-2023-25652 vulnerabilities
2024-05-29 03:07:31
nessus
nessus
Fedora 37 : git (2023-2c851f43ba)
2023-11-20 00:00:00
RHEL 7 : git (RHSA-2023:3263)
2023-05-23 00:00:00
cve
cve
CVE-2023-25652
2023-04-25 20:15:09
ubuntucve
ubuntucve
CVE-2023-25652
2023-04-25 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: git-2.42.0-2.fc37
2023-11-21 01:23:08
[SECURITY] Fedora 36 Update: git-2.40.1-1.fc36
2023-05-12 02:08:45
[SECURITY] Fedora 38 Update: git-2.40.1-1.fc38
2023-04-28 02:38:56
debiancve
debiancve
CVE-2023-25652
2023-04-25 20:15:09
alpinelinux
alpinelinux
CVE-2023-25652
2023-04-25 20:15:09
cgr
cgr
CVE-2023-25652 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Path Traversal
2023-05-13 14:50:11
osv
osv
CVE-2023-25652
2023-04-25 20:15:09
git vulnerabilities
2023-05-17 13:56:26
git vulnerabilities
2023-05-01 09:37:06
cloudlinux
cloudlinux
git: Fix of 2 CVEs
2023-05-11 14:15:13
redhat
redhat
(RHSA-2023:3263) Important: git security update
2023-05-23 09:00:35
(RHSA-2023:3382) Important: git security update
2023-05-31 12:58:26
(RHSA-2023:3243) Important: git security update
2023-05-22 06:35:08
redos
redos
ROS-20230824-02
2023-08-24 00:00:00
centos
centos
emacs, git, gitk, gitweb, perl security update
2023-07-27 14:38:52
oraclelinux
oraclelinux
git security update
2023-05-23 00:00:00
git security update
2023-05-24 00:00:00
git security update
2023-05-23 00:00:00
freebsd
freebsd
git -- Multiple vulnerabilities
2023-04-25 00:00:00
amazon
amazon
Medium: git
2023-06-05 16:39:00
ubuntu
ubuntu
Git vulnerabilities
2023-05-17 00:00:00
Git vulnerabilities
2023-05-01 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2176
2023-06-27 09:16:21
Advisory ROSA-SA-2023-2292
2023-11-14 13:25:27
Advisory ROSA-SA-2024-2398
2024-04-11 08:08:00
slackware
slackware
[slackware-security] git
2023-04-25 21:30:49
altlinux
altlinux
Security fix for the ALT Linux 10 package git version 2.33.8-alt1
2023-05-02 00:00:00
cloudfoundry
cloudfoundry
USN-6050-1: Git vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
mageia
mageia
Updated git packages fix security vulnerability
2023-05-06 21:19:07
kaspersky
kaspersky
KLA49048 Multiple vulnerabilities in Git for Windows
2023-04-25 00:00:00
KLA50317 Multiple vulnerabilities in Microsoft Developer Tools
2023-06-13 00:00:00
almalinux
almalinux
Important: git security update
2023-05-22 00:00:00
Important: git security update
2023-05-22 00:00:00
github
github
Git security vulnerabilities announced
2023-04-25 17:13:36
rocky
rocky
git security update
2023-05-25 02:36:20
gentoo
gentoo
Git: Multiple Vulnerabilities
2023-12-27 00:00:00
ibm
ibm
rapid7blog
rapid7blog
Patch Tuesday - June 2023
2023-06-13 20:49:27
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00