Cygwin Security Vulnerabilities

CVE-2016-3067

Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.

CVE-2017-7523

Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input stri...

CVE-2021-29468

Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cyg...