Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-41903
HistoryJan 17, 2023 - 11:15 p.m.

CVE-2022-41903

2023-01-1723:15:15
Debian Security Bug Tracker
security-tracker.debian.org
29
git
integer overflow
format specifiers
arbitrary code execution
upgrade
git daemon

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

77.1%

Git is distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is a integer overflow in pretty.c::format_and_pad_commit() where a size_t is stored improperly as an int, and then added as an offset to a memcpy(). This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., git log --format=...). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable git archive in untrusted repositories. If you expose git archive via git daemon, disable it by running git config --global daemon.uploadArch false.

OSVersionArchitecturePackageVersionFilename
Debian12allgit< 1:2.39.1-0.1git_1:2.39.1-0.1_all.deb
Debian11allgit< 1:2.30.2-1+deb11u1git_1:2.30.2-1+deb11u1_all.deb
Debian999allgit< 1:2.39.1-0.1git_1:2.39.1-0.1_all.deb
Debian13allgit< 1:2.39.1-0.1git_1:2.39.1-0.1_all.deb

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

77.1%