The vulnerability of the pretty.c::format_and_padCommit() function, a formatting mechanism for Git’s distributed version control system, allows a hacker to execute arbitrary code.

The vulnerability of the pretty.c::formatandpadCommit function, a formatting mechanism for Git’s distributed version control system, is related to buffer overflows in dynamic memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

git -- Heap overflow in `git archive`, `git log --format` leading to RCE

The git team reports: git log has the ability to display commits using an arbitrary format with its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators e.g., %, %, or % , an integer overflow can occur in...